Problem with logging out

[SEJeff]

I took a quick stab at implementing a "logout" handler to this app as the Try it again? link not actually being a logout but just a redirect to / with the session still valid irked me. This is the patch I did:

$ git diff
diff --git a/server/server.go b/server/server.go
index 826a73b..7a2afc0 100644
--- a/server/server.go
+++ b/server/server.go
@@ -93,6 +93,7 @@ func (ws *Server) registerRoutes() {

        // Authenticated handlers for viewing credentials after logging in
        router.HandleFunc("/dashboard", ws.LoginRequired(ws.Index))
+       router.HandleFunc("/logout", ws.LoginRequired(ws.Logout))

        // Static file serving
        router.PathPrefix("/").Handler(http.FileServer(http.Dir("./static/")))
diff --git a/server/user.go b/server/user.go
index d4dfa97..f468df1 100644
--- a/server/user.go
+++ b/server/user.go
@@ -55,3 +55,14 @@ func (ws *Server) UserExists(w http.ResponseWriter, r *http.Request) {
        }
        jsonResponse(w, existsResponse{Exists: true}, http.StatusOK)
 }
+
+// Logout logs out the current logged in user and redirects them to
+// the homepage
+func (ws *Server) Logout(w http.ResponseWriter, r *http.Request) {
+       log.Infof("Logging out")
+       // Calling store.MaxAge(-1) will expire *all* sessions for all
+       // users and this only expires the existing session
+       //      https://godoc.org/github.com/gorilla/sessions#CookieStore.MaxAge
+       ws.store.Options.MaxAge = -1
+       http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
+}

I logged in with user a@a in a chrome window and then b@b in an incognito window. I logged out of user a@a and this worked, but when attempting to re-login with a@a I'm only getting http 400 from /assertion with "error unmarshaling data". What super obvious thing am I missing?

[SEJeff]

The log also mentions an invalid time stamp on the securecookie

[SEJeff]

"fixed" by just setting the cookie Expires to time.Unix(0, 0) instead of fooling with the maxage bits.