# destroy cookie, destroy session
# keep device cookie
new_session
- SET_COOKIE 0 session=""
- SET_COOKIE 0 user_id=""
+ SESSION_COOKIE new
+ SET_COOKIE 0 user_id="" Path="/${_BASE#/}" SameSite=Strict HttpOnly
REDIRECT "${_BASE}${PATH_INFO}#USER_LOGGED_OUT"
}