Closed ccastillop closed 6 months ago
Hello, When calling UserMfaSession.destroy the mfa_credentials cookie is not destroyed at all.
UserMfaSession.destroy
It seems the GoogleAuthenticatorRails.destroy method requires the current domain as specified on https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html
GoogleAuthenticatorRails.destroy
I will send a PR for that
if you're using cookies the method to be used to delete the cookie is via UserMfaSession::destroy. right?
UserMfaSession::destroy
Yep!
Hello, When calling
UserMfaSession.destroy
the mfa_credentials cookie is not destroyed at all.It seems the
GoogleAuthenticatorRails.destroy
method requires the current domain as specified on https://api.rubyonrails.org/classes/ActionDispatch/Cookies.htmlI will send a PR for that