elysia icon indicating copy to clipboard operation
elysia copied to clipboard

Published 20 hours ago verified publisher icon elysiajs

[Bug] cookie.name.remove() not removing cookie as expected

Open lnfel opened this issue 1 year ago • 3 comments

What version of Elysia.JS is running?

1.0.7

What platform is your computer?

Darwin 19.6.0 x86_64 i386

What steps can reproduce the bug?

  1. Set cookie
cookie.auth.set({
    path: '/',
    value: Math.random().toString(),
    maxAge: 7 * 86400,
    secure: true,
    httpOnly: true
})
  1. Attempt to remove cookie
cookie.auth.remove() // not working
  1. See browser Devtools > Application > Cookies has a cookie named auth

What is the expected behavior?

Expected to have the cookie removed in the client. We can do this by setting maxAge of cookie to 0.

cookie.auth.update({
    path: '/',
    value: '',
    maxAge: 0,
    secure: true,
    httpOnly: true
})

What do you see instead?

No response

Additional information

No response

lnfel avatar Mar 23 '24 05:03 lnfel

What is more bewildering is that I see nothing out of place in elysia code... https://github.com/elysiajs/elysia/blob/e8ddb2f76c273275940c0f80881931f61ab918db/src/cookies.ts#L239-L249

On second look, we should provide an option to path. Usually auth stores cookies at / path. but cookie.name.remove() does not specify the path so the cookie stays on the client.

lnfel avatar Mar 23 '24 05:03 lnfel

Hi, would like to help but I'm unable to reproduce on my end using the following code.

import { Elysia } from 'elysia'

const app = new Elysia()
	.get('/', ({ cookie }) => {
		cookie.auth.set({
			path: '/',
			value: Math.random().toString(),
			maxAge: 7 * 86400,
			secure: true,
			httpOnly: true
		})
	})
	.get('/remove', ({ cookie }) => {
		cookie.auth.remove()
	})
	.get('/value', ({ cookie }) => {
		return cookie.auth.value
	})
        .listen(3000)

SaltyAom avatar Mar 25 '24 13:03 SaltyAom

@SaltyAom first here are the elysia related packages on the project:

"@bogeychan/elysia-polyfills": "^0.6.4",
"@elysiajs/cors": "^1.0.0",
"@elysiajs/swagger": "^1.0.0",
"elysia": "^1.0.7",

Using Node version 18.14.2

And here is the exact code used to test the bug, it is consistently happening, this might be a Node thing but idk.

import { Elysia, t } from 'elysia'

const routes = new Elysia({ prefix: '/experiment', name: 'routes:experiment' })
  .derive(({ cookie, set }) => {
    return {
      userHasRole: async () => {
        console.log('cookie.auth: ', cookie.auth)
        console.log('cookie.auth.value: ', cookie.auth.value)
        if (cookie.auth.value) {
          return 'User is not important.'
        }
        set.status = 'Unauthorized'
        return "You seem out of place."
      },
      login: () => {
        cookie.auth.set({
          path: '/',
          value: Math.random().toString(),
          maxAge: 7 * 86400,
          secure: true,
          httpOnly: true
        })
      },
      signOut: () => {
        cookie.auth.remove() // not working
        // cookie.auth.update({
        //  path: '/',
        //  value: '',
        //  maxAge: 0,
        //  secure: true,
        //  httpOnly: true
        // })
        console.log('cookie.auth: ', cookie.auth)
        return 'User logged out.'
      }
    }
  })
  .get('/user-role', async ({ userHasRole }) => {
    return {
      message: await userHasRole()
    }
  })
  .get('/login-user', ({ login }) => {
    return {
      message: login()
    }
  })
  .get('/signout-user', ({ signOut }) => {
    return {
      message: signOut()
    }
  })

lnfel avatar Mar 27 '24 08:03 lnfel

Hello, I'm on Deno, and I cannot remove cookie. I tried delete cookie["some_cookie_name"] and cookie["some_cookie_name].remove(). And it does not work.

carere avatar May 21 '24 20:05 carere