From 8d2a3324ab6b770c12a73c9503ab812aa6d8e9ab Mon Sep 17 00:00:00 2001
From: Peter Phanouvong
Date: Fri, 9 Feb 2024 16:42:39 +1100
Subject: [PATCH] fix: remove cookies from root domain
---
 src/session/sessionManager.js | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/src/session/sessionManager.js b/src/session/sessionManager.js
index e53b4d5..0579fbc 100644
--- a/src/session/sessionManager.js
+++ b/src/session/sessionManager.js
@@ -155,6 +155,14 @@ export const pageRouterSessionManager = (req, res) => {
 maxAge: -1
 })
 ]);
+
+ // remove cookies from the root domain
+ res?.setHeader('Set-Cookie', [
+ cookie.serialize(itemKey, '', {
+ path: '/',
+ maxAge: -1
+ })
+ ]);
 },
 destroySession: () => {
 res?.setHeader('Set-Cookie', [
@@ -174,6 +182,24 @@ export const pageRouterSessionManager = (req, res) => {
 })
 )
 ]);
+
+ // remove cookies from the root domain
+ res?.setHeader('Set-Cookie', [
+ ...[
+ 'id_token_payload',
+ 'id_token',
+ 'access_token_payload',
+ 'access_token',
+ 'user',
+ 'refresh_token',
+ 'post_login_redirect_url'
+ ].map((name) =>
+ cookie.serialize(name, '', {
+ path: '/',
+ maxAge: -1
+ })
+ )
+ ]);
 }
 };
 };
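Review bot: The added `res?.setHeader('Set-Cookie', [...])` in the first hunk (the block that uses `itemKey`) runs right after an existing `setHeader('Set-Cookie', ...)` call, and assuming `res` is a Node `ServerResponse`, `setHeader` replaces the header's previous value instead of appending to it. The expiry cookie built by the earlier call would therefore never be sent, and only the new `path: '/'` deletion reaches the browser. The second hunk does the same in `destroySession`, where a token cookie targeted only by the earlier call could outlive logout. Moving the new `cookie.serialize(itemKey, '', { path: '/', maxAge: -1 })` entry into the array of the existing call, and likewise merging the two arrays in `destroySession`, would send both sets of deletions in one header. The earlier calls start outside both hunks, so their exact cookie options are not visible here.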
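Review bot: The seven cookie names in the new `.map(...)` in `destroySession` are spelled out inline, and the context just above (`}) ) ]);`) suggests the preceding call maps over a similar list, so the two lists can drift apart and leave a newly added token cookie uncleared on logout. Hoisting the names into a single module-level constant used by both calls would prevent that. The surrounding `...[ ... ]` spread inside an array literal is also redundant, since the `.map(...)` result can be passed directly. The comment `// remove cookies from the root domain` would be more accurate as `// also expire host-only cookies (no Domain attribute) on path '/'`, because omitting `domain` yields a host-only cookie. The preceding call lies outside the hunk, so the duplication is inferred rather than visible.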