Session cookie not cleared if logout route is not at the root level #8
Comments
Closed
|
Thanks, please check whether #9 fixes your problem. |
|
@untitaker It doesn't work; it could be a bug with cookie 0.5.0. Maybe the fix would be to upgrade |
|
That sounds sensible. It appears cookie 0.7 has changed a lot from 0.5 and this
will require quite a lot of internal changes. I might have time for this next
week but right now I can't.
…On Tue, Apr 04, 2017 at 08:06:31PM -0700, Bryan Tan wrote:
@untitaker It doesn't work; it could be a [bug with cookie 0.5.0](rwf2/cookie-rs#75). Maybe the fix would be to upgrade`cookie`.
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#8 (comment)
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
With
SignedCookieBackend,session().clear()doesn't clear cookies if it is called on a route that isn't at the server root (e.g./path/logout). This problem doesn't happen ifPath=/is added to theSet-Cookieheader. I've confirmed this with both Firefox 45 and Chrome 57. I haven't tested this with theRedisBackend.A minimal demonstration and a workaround can be found in this gist.
The dependencies that I used are
Edit: Looks like the issue is caused by this line. It seems like since
Pathis set when the cookie is created,cookie.cleardoes not remove the cookie.The text was updated successfully, but these errors were encountered: