iMerica / dj-rest-auth

Authentication for Django Rest Framework
https://dj-rest-auth.readthedocs.io/en/latest/index.html
MIT License

Sessionid cookie to be deleted after access token expiry when using JWT ("USE_JWT": True,) #567

Open anykate opened 11 months ago

anykate commented 11 months ago

When using JWT auth, I have observed that the sessionid cookie is not deleted after the access token expires (refer to the screenshots below), because of which the protected views are still accessible even though the access token expires. I believe the sessionid cookie should also be deleted upon access (JWT_AUTH_COOKIE) token expiry.

Once I manually delete the sessionid cookie after the access token expires, the protected views are no longer accessible.

Please fix this so that the sessionid cookie is set to be deleted automatically after the access token expires.

Before: [screenshot] After: [screenshot]
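One way to check a login response for the mismatch reported above, as an added example that is not part of the original issue or of dj-rest-auth's code: it compares the `Max-Age` of the JWT access cookie with that of `sessionid` and reports when the session cookie outlives the token. The cookie name `jwt-auth` (standing in for the `JWT_AUTH_COOKIE` value), the function names, and the sample headers and lifetimes are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers standing in for a login response. The name
# "jwt-auth" is an assumed JWT_AUTH_COOKIE value; the lifetimes are sample
# values (5 minutes for the access token, 14 days for the session).
SAMPLE_SET_COOKIE = [
    "jwt-auth=eyJ.sample.token; Max-Age=300; HttpOnly; Path=/",
    "sessionid=samplesessionkey; Max-Age=1209600; HttpOnly; Path=/",
]


def cookie_lifetimes(set_cookie_headers):
    """Map cookie name -> Max-Age in seconds (None when no Max-Age is set)."""
    lifetimes = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            max_age = morsel["max-age"]  # "" when the attribute is absent
            lifetimes[name] = int(max_age) if max_age != "" else None
    return lifetimes


def session_outlives_jwt(set_cookie_headers, jwt_cookie="jwt-auth",
                         session_cookie="sessionid"):
    """Return a finding dict if the session cookie outlives the JWT cookie."""
    lifetimes = cookie_lifetimes(set_cookie_headers)
    if jwt_cookie not in lifetimes or session_cookie not in lifetimes:
        return None  # the mismatch needs both cookies in the same response
    jwt_age = lifetimes[jwt_cookie]
    session_age = lifetimes[session_cookie]
    if jwt_age is None:
        return None  # no fixed token-cookie expiry to compare against
    # A session cookie without Max-Age lasts until the browser closes, so it
    # is not tied to the token expiry either and is reported with gap None.
    if session_age is not None and session_age <= jwt_age:
        return None
    gap = None if session_age is None else session_age - jwt_age
    return {"jwt_max_age": jwt_age, "session_max_age": session_age,
            "gap_seconds": gap}


if __name__ == "__main__":
    print(session_outlives_jwt(SAMPLE_SET_COOKIE))
```

This inspects cookie lifetimes only as the browser sees them; how long the server keeps the session valid is a separate setting it does not examine.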