The signOut method in auth.ts does not delete cookies set with a cu…

…stom domain. This enables custom domain cookies to be deleted by checking if a custom domain has been set for the cookie. If so, it adds the custom domain to the keys that Nextjs' ResponseCookie's delete method matches against, now finding the cookie and deleting it. (#116)
workos · Oct 21, 2024 · 7fa52f5 · 7fa52f5
1 parent cdb0fab
commit 7fa52f5
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/src/auth.ts b/src/auth.ts
@@ -3,7 +3,7 @@
 import { getAuthorizationUrl } from './get-authorization-url.js';
 import { cookies } from 'next/headers';
 import { terminateSession } from './session.js';
-import { WORKOS_COOKIE_NAME } from './env-variables.js';
+import { WORKOS_COOKIE_NAME, WORKOS_COOKIE_DOMAIN } from './env-variables.js';
 
 async function getSignInUrl({ organizationId }: { organizationId?: string } = {}) {
   return getAuthorizationUrl({ organizationId, screenHint: 'sign-in' });
@@ -14,8 +14,11 @@ async function getSignUpUrl() {
 }
 
 async function signOut() {
-  const cookieName = WORKOS_COOKIE_NAME || 'wos-session';
-  cookies().delete(cookieName);
+  const cookie: { name: string; domain?: string } = {
+    name: WORKOS_COOKIE_NAME || 'wos-session',
+  };
+  if (WORKOS_COOKIE_DOMAIN) cookie.domain = WORKOS_COOKIE_DOMAIN;
+  cookies().delete(cookie);
   await terminateSession();
 }