Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cant Delete Cookies With Same Settings with tokenAuth Mutation #308

Open
PyDevX opened this issue Oct 15, 2022 · 0 comments
Open

Cant Delete Cookies With Same Settings with tokenAuth Mutation #308

PyDevX opened this issue Oct 15, 2022 · 0 comments

Comments

@PyDevX
Copy link

PyDevX commented Oct 15, 2022

on cookie based auth i can set auth and refresh cookies with these settings
"JWT_COOKIE_SECURE": True,
"JWT_COOKIE_SAMESITE": "None",

and my url is :
path("graphql", csrf_exempt(jwt_cookie(GraphQLView.as_view(graphiql=True)))),

but i cant delete these cookies with delete_token_cookie and delete_refresh_token_cookie mutations because these mutations dont send new blank cookies with same settings that i can set before
this is tokenAuth response header : AuthToken="cookie_value_placeholder"; expires=Sat, 15 Oct 2022 18:32:28 GMT; HttpOnly; Max-Age=300; Path=/; SameSite=None; Secure

and this is deleteTokenCookie response header : AuthToken=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/

These cookie settings missing at deleteTokenCookieResponse : HttpOnly; SameSite=None; Secure

same situation at the deleteRefreshTokenCookie

i think delete mutations not use jwt settings

is there a solution or workaround for this issue ?
thanks..
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@PyDevX