search

schibsted / account-sdk-browser

Schibsted Account SDK for browsers
https://schibsted.github.io/account-sdk-browser/
MIT License
16 stars 11 forks source link

Missing `._session` when clearing cookie upon logout #97

Closed M4R7iNP closed 5 years ago

M4R7iNP commented 6 years ago

When logging out, this._session is undefined here: https://github.com/schibsted/account-sdk-browser/blob/f9465d683b061c224d1f909877ce2c461ba5f8ce/src/identity.js#L351

That is because it is only set upon login/hasSession callback, not on every other pageview: https://github.com/schibsted/account-sdk-browser/blob/f9465d683b061c224d1f909877ce2c461ba5f8ce/src/identity.js#L462

We can either set this._session on every pageview or always use document.cookie.

marjuszkiewicz commented 5 years ago

This issue seems to be fixed by varnishCookieDomain and fallback to document.domain in newest version of SDK. Please re-open if I'm wrong. BTW It is good practise to check isLoggedIn() before calling logout.