on cookie based auth i can set auth and refresh cookies with these settings
"JWT_COOKIE_SECURE": True,
"JWT_COOKIE_SAMESITE": "None",
and my url is :
path("graphql", csrf_exempt(jwt_cookie(GraphQLView.as_view(graphiql=True)))),
but i cant delete these cookies with delete_token_cookie and delete_refresh_token_cookie mutations because these mutations dont send new blank cookies with same settings that i can set before
this is tokenAuth response header : AuthToken="cookie_value_placeholder"; expires=Sat, 15 Oct 2022 18:32:28 GMT; HttpOnly; Max-Age=300; Path=/; SameSite=None; Secure
and this is deleteTokenCookie response header : AuthToken=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
These cookie settings missing at deleteTokenCookieResponse : HttpOnly; SameSite=None; Secure
same situation at the deleteRefreshTokenCookie
i think delete mutations not use jwt settings
is there a solution or workaround for this issue ?
thanks..
on cookie based auth i can set auth and refresh cookies with these settings "JWT_COOKIE_SECURE": True, "JWT_COOKIE_SAMESITE": "None",
and my url is : path("graphql", csrf_exempt(jwt_cookie(GraphQLView.as_view(graphiql=True)))),
but i cant delete these cookies with delete_token_cookie and delete_refresh_token_cookie mutations because these mutations dont send new blank cookies with same settings that i can set before this is tokenAuth response header : AuthToken="cookie_value_placeholder"; expires=Sat, 15 Oct 2022 18:32:28 GMT; HttpOnly; Max-Age=300; Path=/; SameSite=None; Secure
and this is deleteTokenCookie response header : AuthToken=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
These cookie settings missing at deleteTokenCookieResponse : HttpOnly; SameSite=None; Secure
same situation at the deleteRefreshTokenCookie
i think delete mutations not use jwt settings
is there a solution or workaround for this issue ? thanks..