From 263a51938d894896306fab155737aecc7c74b04a Mon Sep 17 00:00:00 2001
From: Luke Barnard <lukeb@openmarket.com>
Date: Thu, 25 May 2017 17:16:16 +0100
Subject: [PATCH 1/3] Reset store state when logging out

This prevents leaking of state that we do not want to share with the next user
---
 src/stores/LifecycleStore.js | 5 +++++
 src/stores/RoomViewStore.js  | 3 +++
 src/stores/SessionStore.js   | 5 +++++
 3 files changed, 13 insertions(+)

diff --git a/src/stores/LifecycleStore.js b/src/stores/LifecycleStore.js
index 43e2de9d52..5dfe82500a 100644
--- a/src/stores/LifecycleStore.js
+++ b/src/stores/LifecycleStore.js
@@ -61,6 +61,11 @@ class LifecycleStore extends Store {
                 });
                 dis.dispatch(deferredAction);
                 break;
+            case 'on_logged_out':
+                this._state = {
+                    deferred_action: null,
+                };
+                break;
         }
     }
 }
diff --git a/src/stores/RoomViewStore.js b/src/stores/RoomViewStore.js
index 1ceef551a8..d893318af7 100644
--- a/src/stores/RoomViewStore.js
+++ b/src/stores/RoomViewStore.js
@@ -73,6 +73,9 @@ class RoomViewStore extends Store {
             case 'join_room':
                 this._joinRoom(payload);
                 break;
+            case 'on_logged_out':
+                this.reset();
+                break;
         }
     }
 
diff --git a/src/stores/SessionStore.js b/src/stores/SessionStore.js
index 2fd35ce40a..5713e4d321 100644
--- a/src/stores/SessionStore.js
+++ b/src/stores/SessionStore.js
@@ -66,6 +66,11 @@ class SessionStore extends Store {
                     cachedPassword: null,
                 });
                 break;
+            case 'on_logged_out':
+                this._state = {
+                    cachedPassword: null,
+                };
+                break;
         }
     }
 

From 9311b9012a4177c501a61c34a5d7d08b48f054f5 Mon Sep 17 00:00:00 2001
From: Luke Barnard <lukeb@openmarket.com>
Date: Fri, 26 May 2017 17:23:02 +0100
Subject: [PATCH 2/3] Use the same `.reset` as RoomViewStore

---
 src/stores/LifecycleStore.js | 16 ++++++++++------
 src/stores/SessionStore.js   | 16 ++++++++++------
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/src/stores/LifecycleStore.js b/src/stores/LifecycleStore.js
index 5dfe82500a..f7e3ff9dbb 100644
--- a/src/stores/LifecycleStore.js
+++ b/src/stores/LifecycleStore.js
@@ -16,6 +16,10 @@ limitations under the License.
 import dis from '../dispatcher';
 import {Store} from 'flux/utils';
 
+const INITIAL_STATE = {
+    deferred_action: null,
+};
+
 /**
  * A class for storing application state to do with login/registration. This is a simple
  * flux store that listens for actions and updates its state accordingly, informing any
@@ -33,9 +37,7 @@ class LifecycleStore extends Store {
         super(dis);
 
         // Initialise state
-        this._state = {
-            deferred_action: null,
-        };
+        this._state = INITIAL_STATE;
     }
 
     _setState(newState) {
@@ -62,12 +64,14 @@ class LifecycleStore extends Store {
                 dis.dispatch(deferredAction);
                 break;
             case 'on_logged_out':
-                this._state = {
-                    deferred_action: null,
-                };
+                this.reset();
                 break;
         }
     }
+
+    reset() {
+        this._state = Object.assign({}, INITIAL_STATE);
+    }
 }
 
 let singletonLifecycleStore = null;
diff --git a/src/stores/SessionStore.js b/src/stores/SessionStore.js
index 5713e4d321..a4b49d9cea 100644
--- a/src/stores/SessionStore.js
+++ b/src/stores/SessionStore.js
@@ -16,6 +16,10 @@ limitations under the License.
 import dis from '../dispatcher';
 import {Store} from 'flux/utils';
 
+const INITIAL_STATE = {
+    cachedPassword: localStorage.getItem('mx_pass'),
+};
+
 /**
  * A class for storing application state to do with the session. This is a simple flux
  * store that listens for actions and updates its state accordingly, informing any
@@ -33,9 +37,7 @@ class SessionStore extends Store {
         super(dis);
 
         // Initialise state
-        this._state = {
-            cachedPassword: localStorage.getItem('mx_pass'),
-        };
+        this._state = INITIAL_STATE;
     }
 
     _update() {
@@ -67,11 +69,13 @@ class SessionStore extends Store {
                 });
                 break;
             case 'on_logged_out':
-                this._state = {
-                    cachedPassword: null,
-                };
+                this.reset();
                 break;
         }
+
+        reset() {
+            this._state = Object.assign({}, INITIAL_STATE);
+        }
     }
 
     getCachedPassword() {

From ac44151e2a2d8c9b158d8b8315ddb939430291f6 Mon Sep 17 00:00:00 2001
From: Luke Barnard <lukeb@openmarket.com>
Date: Fri, 26 May 2017 17:27:31 +0100
Subject: [PATCH 3/3] Put the reset method in the right scope...

---
 src/stores/SessionStore.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/stores/SessionStore.js b/src/stores/SessionStore.js
index a4b49d9cea..62868e4fe4 100644
--- a/src/stores/SessionStore.js
+++ b/src/stores/SessionStore.js
@@ -72,10 +72,10 @@ class SessionStore extends Store {
                 this.reset();
                 break;
         }
+    }
 
-        reset() {
-            this._state = Object.assign({}, INITIAL_STATE);
-        }
+    reset() {
+        this._state = Object.assign({}, INITIAL_STATE);
     }
 
     getCachedPassword() {