session now gets destroyed on logout

api/blueweather.php

@@ -133,6 +133,24 @@ class BlueWeather
         return($data);
     }
 
+    /**
+     * Function to destroy a user session
+     * 
+     * @param string $session session-token
+     * 
+     * @return int 200: OK; 401: session does not exist
+     */
+    public function destroySession($session)
+    {
+        $sql = "DELETE FROM `sessions` 
+        WHERE `session`=\"".$this->_con->real_escape_string($session)."\"";
+
+        if ($this->_con->query($sql)) {
+            return 200;
+        } else {
+            return 500;
+        }
+    }
 
     // --------------------
     // - getter functions -

api/json.php

@@ -76,6 +76,17 @@ if (isset($_GET['locId'])) {
                 }
 
             }
+            break;
+        case 1002:
+            // destroy session
+            if (!isset($request['body'])) {
+                $data = array("header"=>400);
+            } else {
+                $data = array(
+                    "header"=>$blueweather->destroySession($request['body'])
+                );
+
+            }
         }
     }
 } else {

js/blueweather.js

@@ -79,6 +79,27 @@ class BlueWeather {
         xhttp.send()
     }
 
+    logout() {
+        var xhttp = new XMLHttpRequest();
+        var thisObject = this
+
+        xhttp.onreadystatechange = function () {
+            if (this.readyState === 4) {
+                if (this.status === 200) {
+                    thisObject.log("logout response was: " + this.responseText, 3)
+                    document.cookie = "session=;"
+                    location.reload()
+                }
+            }
+        }
+
+        var request = JSON.stringify({ header: 1002, body: this.session.token })
+        var url = this.host + "/api/json.php?command=" + request
+        this.log("starting logout request; URL is: " + url, 3)
+        xhttp.open("GET", url, true)
+        xhttp.send()
+    }
+
     checkSession(token, processingFunction) {
         var xhttp = new XMLHttpRequest();
         var thisObject = this
@@ -356,7 +377,7 @@ class BlueWeather {
             profileDropdown.setAttribute("aria-labelledby", "userDropdown")
 
             // fill the dropdown menu
-            function createDropdownMenuElement(icon, text, onclick=null) {
+            function createDropdownMenuElement(icon, text, onclick = null) {
                 // create element
                 var elem = document.createElement("a")
                 elem.classList.add("dropdown-item")
@@ -388,9 +409,8 @@ class BlueWeather {
             profileDropdown.appendChild(createDropdownSeparator())
             profileDropdown.appendChild(createDropdownMenuElement("settings", " Settings"))
             profileDropdown.appendChild(createDropdownSeparator())
-            profileDropdown.appendChild(createDropdownMenuElement("log-out", " Log out", function() {
+            profileDropdown.appendChild(createDropdownMenuElement("log-out", " Log out", function () {
-                document.cookie = "session=;"
+                thisObject.logout()
-                location.reload()
             }))
 
         }