Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session cookie not emptied when setting "domain" attribute at creation #204

Closed
arkhaiel opened this issue Oct 4, 2024 · 2 comments · Fixed by #205
Closed

Session cookie not emptied when setting "domain" attribute at creation #204

arkhaiel opened this issue Oct 4, 2024 · 2 comments · Fixed by #205

Comments

@arkhaiel
Copy link
Contributor

arkhaiel commented Oct 4, 2024

Hello there !

I created a session with a domain starting with a dot so I can get session on subdomains as well.

      await setUserSession(event, {
        user: user,
        loggedInAt: new Date().toISOString(),
      }, {
        cookie: {
          domain: '.domain.tld',
        },
      })

It actually creates a cookie with the domain: .domain.tld attribute.
BUT when I clear the session with await clearUserSession(event), it actually creates a new cookie, with the domain: domain.tld attribute, and sets its value blank.

So I'm not disconnected. There's more : if I click "logout" from a subdomain, it creates another empty cookie with domain: sub.domain.tld, so the subdomain is logged out, but the others are not.

I see from h3 code
that clearSession can take some Partial<SessionConfig> as well and use it when setting the new empty session cookie.

I see from nuxt-auth-utils code that clearUserSession does not take any config parameter, making it impossible to reuse the config used in setUserSession to pass it to the setCookie called from h3 ?

I'm still a learner, but do you think it would be possible to simply change the clearUserSession this way so I can pass the same cookie options I used with setUserSession, and the right cookie would be emptied ?

export async function clearUserSession(event: H3Event, config? Partial<SessionConfig>) {
  const session = await _useSession(event, config)

  await sessionHooks.callHookParallel('clear', session.data, event)
  await session.clear()

  return true
}

Again, I'm just trying to start from my problem and reading code from repo to repo, to see how I can fix it, so I'm not sure at all.
Still, if you can confirm my guess is right, it would be an honor to make my first PR to this amazing module.

Thanks A LOT for all your work, it's a real pleasure every day to use the amazing stuff you create ❤️
@atinux
Copy link
Owner

atinux commented Oct 5, 2024

Hey, nice find, indeed we should also get a partial config in the clearUserSession, feel free to open a PR ❤️

Also, keep in mind that you can configure the config globally in your runtime config as a workaround

@arkhaiel arkhaiel mentioned this issue Oct 5, 2024
Merged
@arkhaiel
Copy link
Contributor Author

arkhaiel commented Oct 5, 2024

It's done. Thanks for the info related to the runtime config, I completely forgot this point.
I think I'm gonna use this way instead of inline config. Sad I won't be able to use my PR 😆

@arkhaiel arkhaiel closed this as completed Oct 5, 2024
atinux pushed a commit that referenced this issue Oct 5, 2024
@arkhaiel
feat: clearUserSession takes config arg as well
69eaf42 
Related to #204
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: clearUserSession takes config arg as well arkhaiel/nuxt-auth-utils
2 participants
@atinux @arkhaiel