Closed migsar closed 3 years ago
... Set-Cookie: refresh_token=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: permission_variables=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT ...
These cookies should not be sent by the client (browser / API client) given they expired in 1970 (it's 2021 now ;))
I think this is an issue with the API client. We're using res.clearCookie()
internally
I'm using Insomnia API Client and not a browser, so this might be a problem specific to how insomnia handles cookies, still I think it is important to document it.
After logging out I cannot do any other request, I get an 400 response and the following log:
On the docker instance with the dist version, the problem is the following, but I couldn't translate it to the source code version (didn't try that much):
I realize that the problem is that
/auth/logout
have the following headers, that still have cookies but with empty values.If I completely (manually) delete the cookies it start working again.