`res.clearCookie()` does not ignore `maxAge`

[tjarbo]

Hi everyone! I just ran into a bug, where res.clearCookie() does not work properly.

What happen?

According to the typescript definitions, res.clearCookie() accepts CookieOptions as a second parameter (see here) which includes the maxAge attribute. But if the maxAge is set, the cookie won't be deleted.

What do I expect?

.clearCookie()should ignore (or delete) the maxAge attribute, because it is used to calculate the expire attribute afterwards in .cookie();

Research

I already located the bug and would like to provide a pr to fix this.

[yagmurmutluer9]

I had the same problem a few days ago, thanks for the pr i want to try when it merged

[dougwilson]

Thank you for your work on this @tjarbo !

[dougwilson]

Please see #4252 for related discussion. This was original designed this way on purpose (ugh), and I see it being used in the wild this way. We can land such a change in the 5.0 branch, so I'm setting it to 5.0.

[Segmentational]

Added a review for tgarbo's PR

[tjarbo]

Thank you @Segmentational !

[kaj]

Since #4252 is closed, I'll continue the discussion here:

As all the other options (domain, sameSite, etc) needs to be the same when clearing the cookie as when setting it, the natural thing to do is use the same const OPTIONS when clearing the current cookie as when setting it. Anything that depends on the current behaviour is obviously broken. If a new major is needed to fix this, then a new major is needed asap.

Big thanks to @tjarbo for identifying the problem and provding a PR!