Add domain when clearing cookie (#79)

auth0 · Mar 31, 2020 · 215ff62 · 215ff62
1 parent d34b319
commit 215ff62
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 1 deletion.
diff --git a/src/handlers/logout.ts b/src/handlers/logout.ts
@@ -33,7 +33,8 @@ export default function logoutHandler(settings: IAuth0Settings, sessionSettings:
         name: sessionSettings.cookieName,
         value: '',
         maxAge: -1,
-        path: sessionSettings.cookiePath
+        path: sessionSettings.cookiePath,
+        domain: sessionSettings.cookieDomain
       }
     ]);
 

diff --git a/tests/handlers/logout.test.ts b/tests/handlers/logout.test.ts
@@ -53,3 +53,40 @@ describe('logout handler', () => {
     });
   });
 });
+
+describe('logout handler with cookieDomain', () => {
+  const cookieDomain = 'www.acme.com';
+  let httpServer: HttpServer;
+
+  beforeAll(done => {
+    httpServer = new HttpServer(
+      logout(withoutApi, new CookieSessionStoreSettings({ ...withoutApi.session, cookieDomain }))
+    );
+    httpServer.start(done);
+  });
+
+  afterAll(done => {
+    httpServer.stop(done);
+  });
+
+  test('should delete the state and session', async () => {
+    const { headers } = await getAsync({
+      url: httpServer.getUrl(),
+      headers: {
+        cookie: ['a0:state=foo', 'a0:session=bar'].join('; ')
+      },
+      followRedirect: false
+    });
+
+    const [stateCookie, sessionCookie] = headers['set-cookie'];
+    expect(parse(stateCookie)).toMatchObject({
+      'a0:state': '',
+      'Max-Age': '-1'
+    });
+    expect(parse(sessionCookie)).toMatchObject({
+      'a0:session': '',
+      'Max-Age': '-1',
+      Domain: cookieDomain
+    });
+  });
+});