
From:
"Omar Polo" <op@omarpolo.com>
Subject:
Re: gotwebd login status and logout link
To:
Stefan Sperling <stsp@stsp.name>
Cc:
gameoftrees@openbsd.org
Date:
Sat, 07 Feb 2026 21:15:45 +0100

actually one more question:

> --- gotwebd/auth.c
> +++ gotwebd/auth.c
> [...]
> +static void
> +do_logout(struct request *c)
> +{
> +	const struct got_error *error = NULL;
> +	struct gotwebd *env = gotwebd_env;
> +	uid_t uid;
> +	char *hostname = NULL;
> +	const char *identifier = NULL;
> +	struct gotweb_url url;
> +
> +	int r;
> +
> +	if (login_check_token(&uid, &hostname, c->fcgi_params.auth_cookie,
> +	    auth_token_secret, sizeof(auth_token_secret),
> +	    "authentication") == -1) {
> +		error = got_error(GOT_ERR_LOGOUT_FAILED);
> +		goto err;
> +	}
> +
> +	/*
> +	 * The www user ID represents the case where no authentication
> +	 * occurred. This user must not be allowed to log in.
> +	 */
> +	if (uid == env->www_uid) {
> +		error = got_error(GOT_ERR_LOGOUT_FAILED);
> +		goto err;
> +	}
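Review bot: `identifier` is initialised to NULL in the declarations, and in the lines quoted here nothing assigns it before the verbose `log_info("logging out uid %u as %s for server \"%s\"", ...)` call further down passes it to `%s`. A null pointer for `%s` is undefined in ISO C, and even where libc prints a placeholder the logout record carries no account name, which weakens it as an audit trail. Either resolve the name from `uid` before logging, or drop the argument and the unused local: `log_info("logging out uid %u for server \"%s\"", uid, hostname);`. do_logout's body continues past the quoted lines, so any later assignment would come too late for this call.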

this cannot happen actually?  or is just paranoid?

> +	c->client_uid = uid;
> +	if (strcmp(hostname, c->fcgi_params.server_name) != 0) {
> +		error = got_error_msg(GOT_ERR_LOGOUT_FAILED,
> +		    "wrong server name in authentication cookie");
> +		goto err;
> +	}
> +
> +	if (gotwebd_env->gotwebd_verbose > 0) {
> +		log_info("logging out uid %u as %s for server \"%s\"",
> +		    uid, identifier, hostname);
> +	}
> +
> +	/* Ask the browser to delete the authentication cookie.  */
> +	r = tp_writef(c->tp, "Clear-Site-Data: \"cookies\"\r\n");
> +	if (r == -1) {
> +		error = got_error_from_errno("tp_writef");
> +		goto err;
> +	}
> +