We might not be correctly clearing OIDC cookies when handling an OIDC callback

[DMRobertson]

Looking at sentry, this one is really weird. It happens when session == b"", which might be a result of the cookie clearing done before. Testing it a bit, on Safari, it looks like the cookie clearing line 201 does not clear the cookie properly, and instead sets it to a blank value, hence the issue.

So, it's a legit exception, and probably a legit bug because we're not clearing the cookie properly.

Originally posted by @sandhose in #12723 (comment)

The lines in question:

synapse/synapse/handlers/oidc.py

Lines 193 to 205 in df3c432

	# Remove the cookies. There is a good chance that if the callback failed
	# once, it will fail next time and the code will already be exchanged.
	# Removing the cookies early avoids spamming the provider with token requests.
	#
	# we have to build the header by hand rather than calling request.addCookie
	# because the latter does not support SameSite=None
	# (https://twistedmatrix.com/trac/ticket/10088)
	for cookie_name, options in _SESSION_COOKIES:
	request.cookies.append(
	b"%s=; Expires=Thu, Jan 01 1970 00:00:00 UTC; %s"
	% (cookie_name, options)
	)

And the sentry report: https://sentry.matrix.org/sentry/synapse-matrixorg/issues/219508/?query=is%3Aunresolved