From f4e4dc9f1143e1e5a29f69ad6de63ac9c3d3c95b Mon Sep 17 00:00:00 2001
From: Hornwitser <code@hornwitser.no>
Date: Tue, 8 Jul 2025 15:53:58 +0200
Subject: [PATCH] Allow abandoning anonymous taken sessions

If an anonymous session is detected as taken the logic preventing the
session from being accidentally deleted would also prevent the user from
recovering from a taken anonymous session.
---
 server/api/auth/session.delete.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/api/auth/session.delete.ts b/server/api/auth/session.delete.ts
index df4bfd9..4cbfa47 100644
--- a/server/api/auth/session.delete.ts
+++ b/server/api/auth/session.delete.ts
@@ -10,7 +10,7 @@ export default defineEventHandler(async (event) => {
 	if (session) {
 		const users = await readUsers();
 		const account = users.find(user => user.id === session.accountId);
-		if (account?.type === "anonymous") {
+		if (account?.type === "anonymous" && session.successor === undefined) {
 			throw createError({
 				status: 409,
 				message: "Cannot log out of an anonymous account",