session icon indicating copy to clipboard operation
session copied to clipboard
verified publisher icon koajs

Delete cookie on session destruction

Open iliakan opened this issue 7 years ago • 5 comments

Right now when the session is destroyed, the session cookie is made empty, not removed.

That's an incorrect behavior, the cookie should be deleted as well. For that, we need to set the expiration date to the past, not just an empty value.

iliakan avatar Sep 20 '18 19:09 iliakan

Coverage Status

Coverage remained the same at 100.0% when pulling 00e9ec016518d8bb40d89cb0e07a1ff045acd19e on iliakan:patch-1 into 4ea5a63470b936642a18875997e1a627794d198d on koajs:master.

coveralls avatar Sep 20 '18 20:09 coveralls

looks like browser will delete the cookie when received empty string as a cookie value ( works with chrome and safari)

dead-horse avatar Oct 08 '18 15:10 dead-horse

For me it affected autotests that failed when I switched from another session module.

iliakan avatar Oct 08 '18 15:10 iliakan

@dead-horse Any updates on when this fix will be merged?

ejose19 avatar Aug 16 '19 03:08 ejose19

@ejose19 @dead-horse I've created a pull request with code to expire the .sig and session cookies #180

jmitchell38488 avatar Aug 16 '19 05:08 jmitchell38488