flask-login

Clear Cookie needs SameSite and Secure attributes

Open Maheshkumar-novice opened this issue 2 years ago • 1 comments

Describe the bug

We need to provide the SameSite and Secure attributes when we clear the cookie as well, because some browsers (for example, Brave) do not clear the cookie without the SameSite: None and Secure attributes, as they are needed for CORS.

To Reproduce

Steps to reproduce the behavior:

  1. Log in using flask-login with remember me set to true
  2. Verify that the remember me cookie is set
  3. Log out
  4. Verify whether the remember me cookie is cleared
  5. In my case it's not

Expected behavior

The remember cookie should be cleared.

Screenshots

BRAVE BROWSER: [screenshots: brave1, brave2, brave3]

CHROME BROWSER: [screenshots: chrome1, chrome2, chrome3]

    def _set_cookie(self, response):
        ...
        response.set_cookie(
            cookie_name,
            value=data,
            expires=expires,
            domain=domain,
            path=path,
            secure=secure,
            httponly=httponly,
            samesite=samesite,
        )

    def _clear_cookie(self, response):
        ...
        response.delete_cookie(cookie_name, domain=domain, path=path)

We are sending SameSite and Secure when we _set_cookie but not in _clear_cookie.

Desktop (please complete the following information):

  • Device: Laptop
  • OS: Pop! OS
  • Browser: Brave, Chrome
  • Version: 103


Maheshkumar-novice, Jul 02 '22 18:07

If this is still an issue then please address it with a proposed fix in the form of a PR.

maxcountryman, Jan 21 '24 13:01
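A regression check for the mismatch reported in this issue, as an added example that is not flask-login's code or part of the thread: it compares the Set-Cookie headers sent at login with those sent at logout and lists the attributes the clearing header lacks. The header strings, the `api.example.test` domain and the function names are constructed for illustration.

```python
# Attributes compared between the header that sets a cookie and the one that clears it.
MATCHED_ATTRS = ("domain", "path", "secure", "samesite")

# Constructed sample headers (not captured from the reporter's browser).
LOGIN = ["remember_token=constructed-value; Expires=Sat, 01 Jul 2023 18:07:00 GMT; "
         "Domain=api.example.test; Path=/; Secure; HttpOnly; SameSite=None"]
LOGOUT_REPORTED = ["remember_token=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; "
                   "Domain=api.example.test; Path=/"]
LOGOUT_MATCHING = [LOGOUT_REPORTED[0] + "; Secure; SameSite=None"]


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        # Flag attributes such as Secure carry no value; record them as True.
        attrs[key.strip().lower()] = val.strip().lower() or True
    return name.strip(), value.strip(), attrs


def audit_logout(login_headers, logout_headers):
    """Map each cookie set at login to the ways the logout response fails to mirror it."""
    cleared = {}
    for header in logout_headers:
        name, value, attrs = parse_set_cookie(header)
        # Treat an empty value or Max-Age=0 as an attempt to clear the cookie.
        if value == "" or attrs.get("max-age") == "0":
            cleared[name] = attrs
    findings = {}
    for header in login_headers:
        name, _, attrs = parse_set_cookie(header)
        if name not in cleared:
            findings[name] = ["no clearing header"]
            continue
        diff = [a for a in MATCHED_ATTRS if attrs.get(a) != cleared[name].get(a)]
        if diff:
            findings[name] = diff
    return findings


if __name__ == "__main__":
    print("reported:", audit_logout(LOGIN, LOGOUT_REPORTED))
    print("matching:", audit_logout(LOGIN, LOGOUT_MATCHING))
```

In a test suite the two header lists would come from the login and logout responses of the application under test.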