Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
After a session is created, Backend returns two cookies:
__Host-session
and__csrf
. The cookies expire at the same time as the session, so if a session expires on its own, the cookies will expire as well and be cleared. If the user logs out the session before it expires, then the__Host-session
cookie is cleared — but the__csrf
cookie is not. I don't think that's a huge deal, but I think it's cleaner to clear both cookies together, which is what this PR does.What has been done to verify that this works as intended?
Updated tests.
Why is this the best possible solution? Were any other approaches considered?
The change is pretty small.
How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?
This change isn't really user-facing. It's more about cleaning up after logout. I think the risk of regression is low.
Does this change require updates to the API documentation? If so, please update docs/api.md as part of this PR.
I don't think changes are needed. We discourage the use of cookie auth in the API docs, and we don't document the
__csrf
cookie at all.Before submitting this PR, please make sure you have:
make test-full
and confirmed all checks still pass OR confirm CircleCI build passes