updated destroy to delete cookies with domain all

jaredonline / google-authenticator

Ruby gem to implement Google's MFA authenticator

MIT License

307 stars 84 forks source link

updated destroy to delete cookies with domain all #71

Closed osama-inayat closed 6 months ago

osama-inayat commented 1 year ago

ISSUE

I was destroying the cookies using UserMfaSession::destroy while logging out But on login, the cookies for that user were still there. On debugging I found this was missing.

jaredonline commented 1 year ago

@osama-inayat sorry it's taken me so long to get to this.

Can you write a spec for this? I'm not sure what why user cookies would still be there; no domain is specified when the cookie is created.