From e6b23262dae7653b9e5b19fb4c6aaa6d3af6bd2f Mon Sep 17 00:00:00 2001
From: Brenda Wallace
Date: Mon, 13 Feb 2017 20:08:31 +1300
Subject: [PATCH 1/2] User can only sign out their own session
---
 app/controllers/authentications_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/authentications_controller.rb b/app/controllers/authentications_controller.rb
index 3567ea67f..7d0d40178 100644
--- a/app/controllers/authentications_controller.rb
+++ b/app/controllers/authentications_controller.rb
@@ -29,7 +29,7 @@ class AuthenticationsController < ApplicationController
 # DELETE /authentications/1
 def destroy
- @authentication = Authentication.find(params[:id])
+ @authentication = Authentication.find_by(id: params[:id], member: current_member)
 @authentication.destroy
 respond_to do |format|
From 0d1bab04d5db699f464c892ab0b01e1d9871a4e9 Mon Sep 17 00:00:00 2001
From: Brenda Wallace
Date: Mon, 13 Feb 2017 20:28:29 +1300
Subject: [PATCH 2/2] don't load the record again
---
 app/controllers/authentications_controller.rb | 1 -
 1 file changed, 1 deletion(-)
diff --git a/app/controllers/authentications_controller.rb b/app/controllers/authentications_controller.rb
index 7d0d40178..62806da84 100644
--- a/app/controllers/authentications_controller.rb
+++ b/app/controllers/authentications_controller.rb
@@ -29,7 +29,6 @@ class AuthenticationsController < ApplicationController
 # DELETE /authentications/1
 def destroy
- @authentication = Authentication.find_by(id: params[:id], member: current_member)
 @authentication.destroy
 respond_to do |format|
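Review bot: `find_by` returns nil when the id does not belong to `current_member`, so the unchanged `@authentication.destroy` on the next line raises NoMethodError and the request ends as a 500 rather than a 404; `@authentication = Authentication.find_by!(id: params[:id], member: current_member)` keeps the ownership scope and raises RecordNotFound instead. Patch 2/2 then deletes this scoped lookup altogether, so the ownership check in `destroy` depends on whatever assigns `@authentication` outside these hunks (presumably a before_action or an authorization loader, not visible here), and that loader should be confirmed to restrict records to the current member. A request spec that attempts to delete another member's authentication and expects a not-found or forbidden response would pin the intended behaviour. The body of `destroy` continues past the end of both hunks.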