iMerica / dj-rest-auth

Authentication for Django Rest Framework
https://dj-rest-auth.readthedocs.io/en/latest/index.html
MIT License

JWT - /logout Doesn't Delete Cookies #435

Closed Dresdn closed 1 year ago

Dresdn commented 2 years ago

When the two settings are used, the JWT AUTH cookies aren't deleted since the secure flag isn't set.

JWT_AUTH_SAMESITE = 'None'
JWT_AUTH_SECURE = True

The logic in dj_rest_auth.jwt_auth.unset_jwt_cookies() hard codes the samesite attribute of delete_cookie(), which causes the secure flag to not be set, causing the browser to not delete them.

I'll open a PR shortly to fix.
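The failure described in this issue, as an added example that is not from the thread or from dj-rest-auth's code: it builds the logout deletion header with Python's standard `http.cookies` and models the browser rule that `SameSite=None` is only accepted together with `Secure`. The cookie name `jwt-auth` and both helper functions are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

# The two settings quoted in the issue.
JWT_AUTH_SAMESITE = "None"
JWT_AUTH_SECURE = True
COOKIE_NAME = "jwt-auth"  # assumed cookie name, for illustration only


def deletion_header(name, samesite, secure, path="/"):
    """Build the Set-Cookie value a logout response sends to expire `name`."""
    jar = SimpleCookie()
    jar[name] = ""
    morsel = jar[name]
    morsel["path"] = path
    morsel["max-age"] = 0
    morsel["expires"] = "Thu, 01 Jan 1970 00:00:00 GMT"
    if samesite:
        morsel["samesite"] = samesite
    if secure:
        morsel["secure"] = True
    return morsel.OutputString()


def browser_accepts(set_cookie_value):
    """Model one browser rule: SameSite=None is honoured only with Secure."""
    attrs = {}
    for part in set_cookie_value.split(";")[1:]:
        key, _, value = part.strip().partition("=")
        attrs[key.lower()] = value
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        return False  # header is rejected, so the stored cookie survives logout
    return True


if __name__ == "__main__":
    # Deletion without the Secure flag: the case reported in the issue.
    without_secure = deletion_header(COOKIE_NAME, "None", False)
    # Deletion that reuses the same settings the cookie was created with.
    with_settings = deletion_header(COOKIE_NAME, JWT_AUTH_SAMESITE, JWT_AUTH_SECURE)
    for label, header in (("no Secure", without_secure), ("settings", with_settings)):
        verdict = "accepted" if browser_accepts(header) else "rejected"
        print(f"{label}: {verdict}: Set-Cookie: {header}")
```

A check like `browser_accepts` can be turned into a regression test on the logout view's response headers so the deletion attributes stay in step with the configured `JWT_AUTH_SAMESITE` and `JWT_AUTH_SECURE` values.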

DarnellSylvain commented 1 year ago

Is there any way I can use this myself before it is pulled?