fiber icon indicating copy to clipboard operation
fiber copied to clipboard

Published 20 hours ago verified publisher icon gofiber

🐛 [Bug]: (c *fiber.Ctx).ClearCookie() does absolutely nothing

Open iacore opened this issue 1 year ago • 6 comments

Bug Description

Setting the cookie is fine. The gofiber server responds with this header, which sets the cookie.

Set-Cookie: __Host-pixivfe-ImageProxy=https://i.pixiv.re; expires=Mon, 25 Mar 2024 15:06:10 GMT; path=/; HttpOnly; secure; SameSite=Strict

However, the server can't reset it.

Neither c.ClearCookie(name) or c.ClearCookie() work.

How to Reproduce

Steps to reproduce the behavior:

  1. Set the cookie above in browser
  2. have a server call c.ClearCookie
  3. See in Developer Tool > Storage > Cookies. cookie still there.

Expected Behavior

cookie cleared

Fiber Version

v2.52.0

Workaround

Set the cookie with no value and an expiration date in the past.

Checklist:

  • [X] I agree to follow Fiber's Code of Conduct.
  • [X] I have checked for existing issues that describe my problem prior to opening this one.
  • [X] I understand that improperly formatted bug reports may be closed without explanation.

iacore avatar Feb 24 '24 15:02 iacore

Thanks for opening your first issue here! 🎉 Be sure to follow the issue template! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord

welcome[bot] avatar Feb 24 '24 15:02 welcome[bot]

I think the problem is that when unsetting the cookie, the header looks like this:

Set-Cookie: KEY=; expires=<SOME DATE>

I remember that the other fields need to perfectly match to clear a cookie.

iacore avatar Feb 24 '24 15:02 iacore

The fasthttp client has this documentation:

// DelClientCookie instructs the client to remove the given cookie.
// This doesn't work for a cookie with specific domain or path,
// you should delete it manually like:
//
//	c := AcquireCookie()
//	c.SetKey(key)
//	c.SetDomain("example.com")
//	c.SetPath("/path")
//	c.SetExpire(CookieExpireDelete)
//	h.SetCookie(c)
//	ReleaseCookie(c)
//
// Use DelCookie if you want just removing the cookie from response header.
func (h *ResponseHeader) DelClientCookie(key string) {
	h.DelCookie(key)

	c := AcquireCookie()
	c.SetKey(key)
	c.SetExpire(CookieExpireDelete)
	h.SetCookie(c)
	ReleaseCookie(c)
}

Maybe the problem happens when the cookie has a path. Maybe new method to delete the cookie manually by passing a Cookie struct could exist

brunodmartins avatar Feb 25 '24 02:02 brunodmartins

Original issue: https://github.com/valyala/fasthttp/issues/951

brunodmartins avatar Feb 25 '24 02:02 brunodmartins

I ended up using this utility

func ClearCookies(c *fiber.Ctx, key ...string) {
	for i := range key {
		c.Cookie(&fiber.Cookie{
			Name:    key[i],
			Expires: time.Now().Add(-time.Hour * 24),
			Value:   "",
		})
	}
}

and use it like

utils.ClearCookies(c, "token_account")

adharshmk96 avatar Mar 22 '24 17:03 adharshmk96

@ReneWerner87 Could we incorporate the above in the framework?

gaby avatar Mar 27 '24 02:03 gaby