binarylogic / authlogic

A simple ruby authentication solution.
http://rdoc.info/projects/binarylogic/authlogic
MIT License

When logging out from inside an iframe the `user_credentials` cookie doesn't get deleted in Chromium-based browsers. #739

Closed ravibhusal closed 3 years ago

ravibhusal commented 3 years ago

Expected Behavior

With same_site "None" and secure = true, when you are logged in from inside an iframe with remember_me: true and you try to log out by destroying the session with user_session.destroy, it should log the user out and delete the user_credentials cookie.

Actual Behavior

The above scenario doesn't work for Chromium-based browsers. The user_credentials cookie is not deleted. Tested in Chrome and MS Edge (from iframes inside MS Teams and Outlook). It works fine in Firefox. And no, this is not because of an SSL issue like in #719. I am running ngrok with https for local development and this occurs in production as well.

Note: To be clear, logging out from the site itself works fine on Chrome and MS Edge. But when the site is running inside an iframe, the expected behaviour is not met.

Google Chrome version: 91.0.4472.77 (Official Build) (64-bit)
MS Edge version: 90.0.818.66
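As an added example (not authlogic's code), the following Ruby models the Chromium cookie rule behind this report: a deleting Set-Cookie issued from a response inside a cross-site iframe is ignored unless it carries the same SameSite=None; Secure attributes the cookie was created with, so user_credentials survives the logout. The browser model is deliberately simplified (no Lax+POST exception, no domain/path matching), the header-building helper stands in for whatever Rails/authlogic emit, and the rails_same_site_cookie middleware named in the closing comment is assumed here to be what adds those attributes to every Set-Cookie.

```ruby
require "cgi"
require "time"

# Build a Set-Cookie header value. With delete: true the header expires the
# cookie immediately, which is how a server "deletes" a cookie.
def set_cookie_header(name, value, same_site: nil, secure: false, delete: false)
  parts = ["#{name}=#{CGI.escape(value)}", "path=/"]
  parts << "expires=#{Time.at(0).httpdate}" << "max-age=0" if delete
  parts << "secure" if secure
  parts << "SameSite=#{same_site}" if same_site
  parts.join("; ")
end

# Simplified model of a Chromium cookie jar: cookies without SameSite are
# treated as Lax, SameSite=None requires Secure, and in a cross-site context
# (the app embedded in a third-party iframe) only SameSite=None; Secure
# cookies may be written or expired. Everything else is silently dropped.
class CookieJar
  attr_reader :cookies
  def initialize; @cookies = {}; end

  # Returns :accepted, or a symbol naming why the header was ignored.
  def apply(header, cross_site:)
    attrs = header.split(/;\s*/)
    name, value = attrs.shift.split("=", 2)
    opts = {}
    attrs.each { |a| k, v = a.split("=", 2); opts[k.downcase] = v }
    same_site = (opts["samesite"] || "Lax").downcase
    secure = opts.key?("secure")
    return :rejected_none_without_secure if same_site == "none" && !secure
    return :rejected_cross_site if cross_site && same_site != "none"
    if opts["max-age"] == "0"
      @cookies.delete(name)
    else
      @cookies[name] = value
    end
    :accepted
  end
end

# Log in from inside the iframe (cookie set with SameSite=None; Secure), then
# apply the logout's deletion header and report whether the cookie survived.
def logout_from_iframe(delete_header)
  jar = CookieJar.new
  login = set_cookie_header("user_credentials", "token", same_site: "None", secure: true)
  jar.apply(login, cross_site: true)
  jar.apply(delete_header, cross_site: true)
  jar.cookies.key?("user_credentials") ? :cookie_survives : :cookie_deleted
end
```

A deletion header built without same_site/secure reproduces the report (:cookie_survives); the same header with SameSite=None; Secure clears the cookie (:cookie_deleted).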

ravibhusal commented 3 years ago

Closing this as this was due to a regression triggered on my end after removing gem rails_same_site_cookie.