unable to delete mfa cookie on production

[ccastillop]

Hello, When calling UserMfaSession.destroy the mfa_credentials cookie is not destroyed at all.

It seems the GoogleAuthenticatorRails.destroy method requires the current domain as specified on https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html

I will send a PR for that

[alfie-max]

if you're using cookies the method to be used to delete the cookie is via UserMfaSession::destroy. right?

[jaredonline]

Yep!