From eebe4036ece50aab988d2d0bc9123ab6da7fd5e9 Mon Sep 17 00:00:00 2001
From: Mrugesh Mohapatra
Date: Sat, 26 May 2018 18:28:20 +0530
Subject: [PATCH] fix: remove cookies when signout, logout (remote) and delete (remote)

---
 common/models/user.js         | 13 +++++++++----
 server/boot/authentication.js | 12 ++++++++----
 server/boot/user.js           | 12 ++++++++----
 3 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/common/models/user.js b/common/models/user.js
index fa61aca7ab..032a5d3d41 100644
--- a/common/models/user.js
+++ b/common/models/user.js
@@ -407,10 +407,15 @@ module.exports = function(User) {
     );
   };
 
-  User.afterRemote('logout', function(ctx, result, next) {
-    var res = ctx.res;
-    res.clearCookie('access_token');
-    res.clearCookie('userId');
+  User.afterRemote('logout', function({req, res}, result, next) {
+    const config = {
+      signed: !!req.signedCookies,
+      domain: process.env.COOKIE_DOMAIN || 'localhost'
+    };
+    res.clearCookie('jwt_access_token', config);
+    res.clearCookie('access_token', config);
+    res.clearCookie('userId', config);
+    res.clearCookie('_csrf', config);
     next();
   });
 
diff --git a/server/boot/authentication.js b/server/boot/authentication.js
index cf108fa3ba..1e8e576b6e 100644
--- a/server/boot/authentication.js
+++ b/server/boot/authentication.js
@@ -59,10 +59,14 @@ module.exports = function enableAuthentication(app) {
         }
       );
     }
-    res.clearCookie('jwt_access_token');
-    res.clearCookie('access_token');
-    res.clearCookie('userId');
-    res.clearCookie('_csrf');
+    const config = {
+      signed: !!req.signedCookies,
+      domain: process.env.COOKIE_DOMAIN || 'localhost'
+    };
+    res.clearCookie('jwt_access_token', config);
+    res.clearCookie('access_token', config);
+    res.clearCookie('userId', config);
+    res.clearCookie('_csrf', config);
     res.redirect('/');
   });
 });
diff --git a/server/boot/user.js b/server/boot/user.js
index bc05d88470..530114e5df 100644
--- a/server/boot/user.js
+++ b/server/boot/user.js
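Review bot: `res.clearCookie` only removes a cookie whose name, domain and path match the ones it was set with, so the `domain: process.env.COOKIE_DOMAIN || 'localhost'` fallback in the new `logout` hook means a deployment that leaves `COOKIE_DOMAIN` unset sends a delete for a `localhost`-scoped cookie the browser is not holding, and `jwt_access_token`/`access_token` remain usable after logout; the same options object is repeated in the authentication.js and user.js hunks. The `signed: !!req.signedCookies` flag is presumably meant to mirror how the cookies were issued, but with cookie-parser `req.signedCookies` is an object whenever a secret is configured, so it is truthy even for a cookie that was never signed — confirm against the code that sets these cookies, which is not in this patch. Safer is to derive the clear options from the same source the set side uses (one shared options object) and to fail fast instead of defaulting, e.g. `domain: process.env.COOKIE_DOMAIN` with a startup check that it is defined outside development. A comment such as `// must match the options used when the cookie was set, or the browser keeps it` would make the constraint visible to the next reader. The enclosing `module.exports = function(User)` continues outside the hunk.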
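Review bot: The four `clearCookie` calls and their `config` object are now pasted verbatim into three handlers (this signout route, the `logout` remote hook in common/models/user.js, and the account-delete route in server/boot/user.js), which is exactly the drift the old remote hook had already suffered when it cleared only two of the four cookies. Extract one helper that owns the cookie list and the options and call it from all three places, replacing each block with `clearAuthCookies(req, res);`. A short JSDoc on the helper stating that the options must match those used when the cookies were issued keeps that constraint in one place. The enclosing `enableAuthentication` function and the route handler begin outside the hunk.
```javascript
// shared helper (module location is a suggestion, not a project path)
const AUTH_COOKIES = ['jwt_access_token', 'access_token', 'userId', '_csrf'];

/**
 * Clear every cookie that carries authentication state for this session.
 * The options must match those used when the cookies were set; otherwise
 * the browser keeps the original cookie and logout is incomplete.
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 */
function clearAuthCookies(req, res) {
  const config = {
    signed: !!req.signedCookies,
    domain: process.env.COOKIE_DOMAIN || 'localhost'
  };
  AUTH_COOKIES.forEach(name => res.clearCookie(name, config));
}

// … in the signout handler, replacing the four clearCookie calls …
clearAuthCookies(req, res);
res.redirect('/');
```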
@@ -119,10 +119,14 @@ module.exports = function(app) {
       if (err) { return next(err); }
       req.logout();
       req.flash('success', 'You have successfully deleted your account.');
-      res.clearCookie('jwt_access_token');
-      res.clearCookie('access_token');
-      res.clearCookie('userId');
-      res.clearCookie('_csrf');
+      const config = {
+        signed: !!req.signedCookies,
+        domain: process.env.COOKIE_DOMAIN || 'localhost'
+      };
+      res.clearCookie('jwt_access_token', config);
+      res.clearCookie('access_token', config);
+      res.clearCookie('userId', config);
+      res.clearCookie('_csrf', config);
       return res.status(200).end();
     });
   }