diff --git a/README.md b/README.md
index 695d7f3..2487369 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,8 @@ TWITTER_AUTH_CALLBACK_URI=...
 
 IRON_PASSWORD=...
 
-ICNS_VERIFIER_URI=...
+# must be separated by commas
+ICNS_VERIFIER_ORIGIN_LIST=http:localhost:8080,http://localhost:8081
 ```
 
 Run the development server:
diff --git a/pages/api/twitter-auth-url.ts b/pages/api/twitter-auth-url.ts
index 5d82b7e..cb90bfa 100644
--- a/pages/api/twitter-auth-url.ts
+++ b/pages/api/twitter-auth-url.ts
@@ -23,6 +23,8 @@ export default withIronSessionApiRoute(async function handler(
   }
 
   try {
+    req.session.destroy();
+
     const codeVerifier = base64URLEncode(crypto.randomBytes(32));
     req.session.code_verifier = codeVerifier;
     await req.session.save();