From 0039683b74143bae8a6b2ba55a4d6f40c1a78b7d Mon Sep 17 00:00:00 2001
From: Danny
Date: Tue, 15 May 2018 14:20:05 +0200
Subject: [PATCH] set header code when sessionstore returns err
---
 pkg/api/auth.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pkg/api/auth.go b/pkg/api/auth.go
index 8d4c3a2..23ae160 100644
--- a/pkg/api/auth.go
+++ b/pkg/api/auth.go
@@ -66,7 +66,10 @@ func (api *API) LogoutHandler(w http.ResponseWriter, r *http.Request) error {
 func (api *API) Authorize(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 session, err := api.sessions.Get(r, "auth")
+
+ // an err is returned if cookie has been tampered with, so check that
 if err != nil {
+ w.WriteHeader(http.StatusUnauthorized)
 return
 }
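Review bot: The new 401 branch discards `err` without logging it, and the added comment attributes every `api.sessions.Get` failure to cookie tampering. If the store is cookie-backed (its type is not visible here), the same error would likely also come from an expired cookie or a rotated signing key, and a server-side store could fail for reasons unrelated to the client, so I would reword the comment to `// Get fails when the session cookie cannot be decoded or verified; reject the request` and log `err` before returning so that rejected cookies show up in monitoring. Consider also expiring the rejected cookie in this branch, otherwise a client holding a stale cookie keeps receiving 401 on every request. Authorize's body continues outside the hunk.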