Should be able to unset access and refresh token cookies independently. #148
Comments
matthewstory
added a commit
to matthewstory/flask-jwt-extended
that referenced
this issue
May 5, 2018
…ctions Signed-off-by: Matthew Story <[email protected]>
matthewstory
changed the title
vimalloc
added a commit
that referenced
this issue
May 5, 2018
[#148] add unset_access_cookies and unset_refresh_cookies functions
|
Released in v3.8.2. Cheers 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am looking specifically to be able to unset access token cookies without unsetting refresh token cookies.
My reason for this is that I am handling JWTs before dispatching to the view function (i have written a JWT session extension) and I would like to return a 401 when I receive an expired token and then remove only the access tokens in that response, preserving the refresh tokens should the user choose to refresh but allowing subsequent requests to be made without an access token (empty session) rather than with an invalid access token (unresolvable 401).
I am proposing introducing two new functions:
unset_access_cookies
unset_refresh_cookies
symmetrical to the
set_*_cookiesfunctions in addition to the existingunset_jwt_cookesfunction.I have a work-around in place, but it's far more elegant to make this change and I think it's probably generally useful.
PR incoming.
The text was updated successfully, but these errors were encountered: