Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cookie does not clear from browser in production #44

Open
AaronMcCloskey opened this issue Oct 12, 2021 · 2 comments
Open

Cookie does not clear from browser in production #44

AaronMcCloskey opened this issue Oct 12, 2021 · 2 comments

Comments

@AaronMcCloskey
Copy link

The res.clearCookie function does not clear the cookie in the browser when on the server in production.

This is because the domain has not been set when clearing the cookie, like it is when you set the session while __prod__ is true

Passing options into res.clearCookie will fix this however.

res.clearCookie(COOKIE_NAME, {
  domain: __prod__ ? '.codeponder.com' : '',
  path: '/',
});

You can replace .codeponder.com with your domain

@AaronMcCloskey AaronMcCloskey changed the title clear cookie does not clear cookie from browser in production Cookie does not clear from browser in production Oct 12, 2021
@WillKoste
Copy link

@AaronMcCloskey I've been debugging this issue for a few hours now and I think I finally got it. In the Express docs, it states that the clearCookie options have to be identical to the options passed in for the express-session middleware on ./server/src/index.ts.
clearCookieDocs

Chrome has been giving me issues, but here are the options I passed in for the middleware:

app.use(
			session({
				name: COOKIE_NAME,
				secret: SESSION_SECRET,
				store: new RedisStore({client: redis, disableTouch: true}),
				cookie: {
					maxAge: 1000 * 60 * 60 * 24 * 365 * 10, // 10 years
					secure: true,
					sameSite: 'none'
				},
				saveUninitialized: false,
				resave: false
			})
		);

And here is the clearCookie:

@Mutation(() => Boolean)
	logout(@Ctx() {req, res}: MyContext) {
		return new Promise((resolve) =>
			req.session.destroy((err) => {
				res.clearCookie(COOKIE_NAME, {
					secure: true,
					sameSite: 'none'
				});
				if (err) {
					console.error(err);
					resolve(false);
					return;
				}
				resolve(true);
			})
		);
	}

Hopefully, this helps- I hate debugging cookies...

@WillKoste
Copy link

Oh, and it would also be good to mention that I am just using React, not Next.js.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants