Invalidation of cookies does not work

adam-hanna / jwt-auth

This package provides json web token (jwt) middleware for goLang http servers

MIT License

231 stars 43 forks source link

Invalidation of cookies does not work #14

Open nItroFreeZer opened 3 years ago

nItroFreeZer commented 3 years ago

Hi there

In the NullifyTokens() func you want to delete / invalidate the authCookie and refreshCookie. Unfortunately this does not work if the cookie has no value for the path attribute. The browsers ignores the Set-Cookie headers and the cookies are preserved.

Kind Regards

adam-hanna commented 3 years ago

Sorry, I'm just seeing this, now. Thanks for the report.