django-magiclink icon indicating copy to clipboard operation
django-magiclink copied to clipboard
verified publisher icon pyepye

Cookie not deleted with LoginVerify

Open efojs opened this issue 4 years ago • 1 comments

Description

Debugging why cookie not deleted with LoginVerify if REQUIRE_SAME_BROWSER,
found that it is set properly:

set-cookie: 
magiclink498=e214549f-0d66-491a-a494-20964daa649e; 
Path=/

But for deletion, browser gets this:

set-cookie: 
magiclink498=""; 
expires=Thu, 01 Jan 1970 00:00:00 GMT; 
Max-Age=0; 
Path=e214549f-0d66-491a-a494-20964daa649e

Setting breakpoint after response.delete_cookie(cookie_name, magiclink.cookie_value) shows:

(Pdb) response.cookies.values()
dict_values([<Morsel: magiclink498=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=e214549f-0d66-491a-a494-20964daa649e>])

While after response.set_cookie(cookie_name, magiclink.cookie_value):

(Pdb) response.cookies.values()
dict_values([<Morsel: magiclink498=e214549f-0d66-491a-a494-20964daa649e; Path=/>])

Question

Do you have any ideas why can it happen?
Can you recreate it?

System

MagicLink: ==1.0.4 Django: ==3.2.5 Python: 3.8

efojs avatar Jul 31 '21 22:07 efojs

Hi @efojs

Sorry if I'm not getting this but it looks like it's working as expected?

It's up to the browser to delete a cookie but the cookie value is getting set to "" and it's being set to expire at Thu, 01 Jan 1970 00:00:00 GMT which is the server side way of setting a cookie to delete.

There is a test which ensures this is what happens on LoginVerify: https://github.com/pyepye/django-magiclink/blob/master/tests/test_login_verify.py#L33-L34

Thanks Matt

pyepye avatar Sep 08 '21 22:09 pyepye