From 215ff6207b79ba1c0de19862db7ea37ca1c5846d Mon Sep 17 00:00:00 2001
From: Andrei Bunea
Date: Tue, 31 Mar 2020 03:25:06 +0300
Subject: [PATCH] Add domain when clearing cookie (#79)
---
 src/handlers/logout.ts | 3 ++-
 tests/handlers/logout.test.ts | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/src/handlers/logout.ts b/src/handlers/logout.ts
index 1a12a3b3f..4e2c8c6c8 100644
--- a/src/handlers/logout.ts
+++ b/src/handlers/logout.ts
@@ -33,7 +33,8 @@ export default function logoutHandler(settings: IAuth0Settings, sessionSettings:
 name: sessionSettings.cookieName,
 value: '',
 maxAge: -1,
- path: sessionSettings.cookiePath
+ path: sessionSettings.cookiePath,
+ domain: sessionSettings.cookieDomain
 }
 ]);
diff --git a/tests/handlers/logout.test.ts b/tests/handlers/logout.test.ts
index c2ca8c2bb..5852d082f 100644
--- a/tests/handlers/logout.test.ts
+++ b/tests/handlers/logout.test.ts
@@ -53,3 +53,40 @@ describe('logout handler', () => {
 });
 });
 });
+
+describe('logout handler with cookieDomain', () => {
+ const cookieDomain = 'www.acme.com';
+ let httpServer: HttpServer;
+
+ beforeAll(done => {
+ httpServer = new HttpServer(
+ logout(withoutApi, new CookieSessionStoreSettings({ ...withoutApi.session, cookieDomain }))
+ );
+ httpServer.start(done);
+ });
+
+ afterAll(done => {
+ httpServer.stop(done);
+ });
+
+ test('should delete the state and session', async () => {
+ const { headers } = await getAsync({
+ url: httpServer.getUrl(),
+ headers: {
+ cookie: ['a0:state=foo', 'a0:session=bar'].join('; ')
+ },
+ followRedirect: false
+ });
+
+ const [stateCookie, sessionCookie] = headers['set-cookie'];
+ expect(parse(stateCookie)).toMatchObject({
+ 'a0:state': '',
+ 'Max-Age': '-1'
+ });
+ expect(parse(sessionCookie)).toMatchObject({
+ 'a0:session': '',
+ 'Max-Age': '-1',
+ Domain: cookieDomain
+ });
+ });
+});
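Review bot: The new `domain` line in src/handlers/logout.ts carries no comment saying why it has to be there, and the reason is easy to lose in a later cleanup: a browser only drops a cookie when the clearing `Set-Cookie` has the same Domain and Path the cookie was issued with, so a mismatch leaves the session cookie in place after logout. I would add above `path:` a comment such as `// Path and Domain must equal the values used when the session cookie was set, or the browser keeps it after logout`. The array entry before this one starts outside the hunk; if that cookie can ever be issued with a Domain it presumably needs the same attribute, which cannot be confirmed from these lines. logoutHandler's body starts and ends outside the hunk.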
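Review bot: The new test in tests/handlers/logout.test.ts pins `Domain` on the cleared session cookie but not `Path`, although both have to match the original cookie for the browser to delete it; asserting the configured path next to `Domain: cookieDomain` would cover the whole clearing contract. It also says nothing about the state cookie's Domain, so a change that starts emitting one there would pass unnoticed; if the state cookie is meant to stay host-only, `expect(parse(stateCookie)).not.toHaveProperty('Domain');` makes that explicit. The destructuring `const [stateCookie, sessionCookie] = headers['set-cookie'];` depends on the order of the response headers, which deserves a short comment.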