Provide path and domain from cookie resource definition when unsetting cookie #299

danielcompton · 2019-06-06T08:19:46Z

When removing a cookie you need to provide exactly the same Path, and Domain as the original cookie was set with.

Finally, to remove a cookie, the server returns a Set-Cookie header
with an expiration date in the past. The server will be successful
in removing the cookie only if the Path and the Domain attribute in
the Set-Cookie header match the values used when the cookie was
created. - https://tools.ietf.org/html/rfc6265#section-3.1

When using yada/unset-cookie to remove a cookie, it only sets the value and expiry date for the cookie.

https://github.com/juxt/yada/blob/1.3.0-alpha11/src/yada/cookies.clj#L144

I think the fix is for this line to merge the :path and :domain from the cookie resource, if they are set.

My workaround for now is:

(-> ctx
    (yada/unset-cookie :session)
    (assoc-in [:response :cookies "session" :path] "/"))

See https://stackoverflow.com/a/20320610 for more info.

The text was updated successfully, but these errors were encountered:

danielcompton changed the title ~~Provide cookie path and domain from cookie resource definition when unsetting cookie~~ Provide path and domain from cookie resource definition when unsetting cookie Jun 6, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provide path and domain from cookie resource definition when unsetting cookie #299

Provide path and domain from cookie resource definition when unsetting cookie #299

danielcompton commented Jun 6, 2019

Provide path and domain from cookie resource definition when unsetting cookie #299

Provide path and domain from cookie resource definition when unsetting cookie #299

Comments

danielcompton commented Jun 6, 2019