The signOut method in auth.ts does not delete cookies set with a custom domain. To reproduce, I had an application with WORKOS_COOKIE_DOMAIN set (I had it set to .myrootdomain.extension for local), and signOut did end the user session on the WorkOS dashboard, but didn't delete the session cookie, so the user still appeared logged in. This PR lets signOut delete custom domain cookies by checking if a custom domain has been set for the cookie. If so, it adds the custom domain to the keys that cookies().delete() matches against, now finding the cookie and deleting it. I've tested this locally by using this fork of the package in my app.
This lets authkit-nextjs work for applications that use a subdomain per customer (ex. customer1.myenterpriseco.com).
In case this takes a while to merge and other people run into this issue, I'm using a custom sign out method as a workaround:
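Why a delete without the domain misses the cookie, as an added example (not the PR's code and not the author's workaround): a browser identifies a stored cookie by name, domain and path, so an expiring Set-Cookie that omits Domain targets a different, host-only cookie. The small cookie jar, the host `customer1.example.test` and the cookie name `session` are constructed for illustration.

```javascript
// Simplified model of browser cookie storage (RFC 6265 section 5.3):
// a stored cookie is identified by name + domain + path, not by name alone.
class CookieJar {
  constructor() {
    this.store = new Map();
  }

  // Apply one Set-Cookie header received in a response from `host`.
  setCookie(host, header) {
    const [pair, ...rest] = header.split(";").map((s) => s.trim());
    const name = pair.slice(0, pair.indexOf("="));
    const attrs = Object.fromEntries(
      rest.map((a) => {
        const [k, v = ""] = a.split("=");
        return [k.toLowerCase(), v];
      })
    );
    // Without a Domain attribute the cookie is host-only (exact host).
    const hostOnly = !attrs.domain;
    const domain = (attrs.domain || host).replace(/^\./, "").toLowerCase();
    if (host !== domain && !host.endsWith("." + domain)) return; // rejected
    const key = [name, domain, attrs.path || "/"].join("|");
    if ("max-age" in attrs && Number(attrs["max-age"]) <= 0) {
      this.store.delete(key); // expiry removes only the exact match
    } else {
      this.store.set(key, { name, domain, hostOnly });
    }
  }

  // Names of the cookies the browser would send to `host`.
  cookiesFor(host) {
    return [...this.store.values()]
      .filter((c) => host === c.domain || (!c.hostOnly && host.endsWith("." + c.domain)))
      .map((c) => c.name);
  }
}

// Constructed scenario: host, domain and cookie name are placeholders.
function demo() {
  const host = "customer1.example.test";
  const jar = new CookieJar();
  jar.setCookie(host, "session=sealed; Domain=.example.test; Path=/");
  jar.setCookie(host, "session=; Path=/; Max-Age=0"); // no Domain: misses
  const afterBareDelete = jar.cookiesFor(host);
  jar.setCookie(host, "session=; Domain=.example.test; Path=/; Max-Age=0");
  return { afterBareDelete, afterScopedDelete: jar.cookiesFor(host) };
}
```

The session cookie is still sent after the bare delete and disappears only once the delete carries the same Domain it was set with, which is the stale logged-in state described above.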