fix: remove cookies from root domain

kinde-oss · Feb 9, 2024 · 8d2a332 · 8d2a332
1 parent cd3c65d
commit 8d2a332
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/src/session/sessionManager.js b/src/session/sessionManager.js
@@ -155,6 +155,14 @@ export const pageRouterSessionManager = (req, res) => {
           maxAge: -1
         })
       ]);
+
+      // remove cookies from the root domain
+      res?.setHeader('Set-Cookie', [
+        cookie.serialize(itemKey, '', {
+          path: '/',
+          maxAge: -1
+        })
+      ]);
     },
     destroySession: () => {
       res?.setHeader('Set-Cookie', [
@@ -174,6 +182,24 @@ export const pageRouterSessionManager = (req, res) => {
           })
         )
       ]);
+
+      // remove cookies from the root domain
+      res?.setHeader('Set-Cookie', [
+        ...[
+          'id_token_payload',
+          'id_token',
+          'access_token_payload',
+          'access_token',
+          'user',
+          'refresh_token',
+          'post_login_redirect_url'
+        ].map((name) =>
+          cookie.serialize(name, '', {
+            path: '/',
+            maxAge: -1
+          })
+        )
+      ]);
     }
   };
 };