koajs · dead-horse · Aug 23, 2019 · Aug 16, 2019 · dead-horse · Aug 19, 2019
diff --git a/lib/context.js b/lib/context.js
@@ -4,6 +4,7 @@ const debug = require('debug')('koa-session:context');
 const Session = require('./session');
 const util = require('./util');
 
+const COOKIE_EXP_DATE = new Date(util.CookieDateEpoch);
 const ONE_DAY = 24 * 60 * 60 * 1000;
 
 class ContextSession {
@@ -273,7 +274,12 @@ class ContextSession {
    */
 
   async remove() {
-    const opts = this.opts;
+    // Override the default options so that we can properly expire the session cookies
+    const opts = Object.assign({}, this.opts, {
+      expires: COOKIE_EXP_DATE,
+      maxAge: false,
+    });
+
     const ctx = this.ctx;
     const key = opts.key;
     const externalKey = this.externalKey;

diff --git a/lib/util.js b/lib/util.js
@@ -34,4 +34,6 @@ module.exports = {
   hash(sess) {
     return crc(JSON.stringify(sess));
   },
+
+  CookieDateEpoch: 'Thu, 01 Jan 1970 00:00:00 GMT',
 };
diff --git a/test/cookie.test.js b/test/cookie.test.js
@@ -249,6 +249,47 @@ describe('Koa Session Cookie', () => {
     });
   });
 
+  describe('after session set to null with signed cookie', () => {
+    it('should return expired cookies', done => {
+      const app = App({
+        signed: true,
+      });
+
+      app.use(async function(ctx) {
+        ctx.session.hello = {};
+        ctx.session = null;
+        ctx.body = String(ctx.session === null);
+      });
+
+      request(app.listen())
+        .get('/')
+        .expect('Set-Cookie', /koa:sess=; path=\/; expires=Thu, 01 Jan 1970 00:00:00 GMT/)
+        .expect('Set-Cookie', /koa:sess.sig=(.*); path=\/; expires=Thu, 01 Jan 1970 00:00:00 GMT/)
+        .expect('true')
+        .expect(200, done);
+    });
+  });
+
+  describe('after session set to null without signed cookie', () => {
+    it('should return expired cookies', done => {
+      const app = App({
+        signed: false,
+      });
+
+      app.use(async function(ctx) {
+        ctx.session.hello = {};
+        ctx.session = null;
+        ctx.body = String(ctx.session === null);
+      });
+
+      request(app.listen())
+        .get('/')
+        .expect('Set-Cookie', /koa:sess=; path=\/; expires=Thu, 01 Jan 1970 00:00:00 GMT/)
+        .expect('true')
+        .expect(200, done);
+    });
+  });
+
   describe('when get session after set to null', () => {
     it('should return null', done => {
       const app = App();