Cookie does not clear from browser in production

[AaronMcCloskey]

The res.clearCookie function does not clear the cookie in the browser when on the server in production.

This is because the domain has not been set when clearing the cookie, like it is when you set the session while __prod__ is true

Passing options into res.clearCookie will fix this however.

res.clearCookie(COOKIE_NAME, {
  domain: __prod__ ? '.codeponder.com' : '',
  path: '/',
});

You can replace .codeponder.com with your domain

[WillKoste]

@AaronMcCloskey I've been debugging this issue for a few hours now and I think I finally got it. In the Express docs, it states that the clearCookie options have to be identical to the options passed in for the express-session middleware on ./server/src/index.ts.

Chrome has been giving me issues, but here are the options I passed in for the middleware:

app.use(
            session({
                name: COOKIE_NAME,
                secret: SESSION_SECRET,
                store: new RedisStore({client: redis, disableTouch: true}),
                cookie: {
                    maxAge: 1000 * 60 * 60 * 24 * 365 * 10, // 10 years
                    secure: true,
                    sameSite: 'none'
                },
                saveUninitialized: false,
                resave: false
            })
        );

And here is the clearCookie:

@Mutation(() => Boolean)
    logout(@Ctx() {req, res}: MyContext) {
        return new Promise((resolve) =>
            req.session.destroy((err) => {
                res.clearCookie(COOKIE_NAME, {
                    secure: true,
                    sameSite: 'none'
                });
                if (err) {
                    console.error(err);
                    resolve(false);
                    return;
                }
                resolve(true);
            })
        );
    }

Hopefully, this helps- I hate debugging cookies...

[WillKoste]

Oh, and it would also be good to mention that I am just using React, not Next.js.