session validation/invalidation

api/release.go

@@ -20,7 +20,7 @@ func ServeRelease(app *model.AppState, release *model.Release) http.Handler {
         // only allow authorised users to view hidden releases
         privileged := false
         if !release.Visible {
-            session, err := controller.GetSessionFromRequest(app.DB, r)
+            session, err := controller.GetSessionFromRequest(app, r)
             if err != nil {
                 fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err)
                 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)