fix: logout properly expires cookie with matching domain/path attributes

2026-03-18 03:08:00 +04:00 · 2026-03-18 03:08:00 +04:00 · 3df7f4b702
parent 8221b3a33d
commit 3df7f4b702
2 changed files with 3 additions and 2 deletions
--- a/apps/web/src/routes/auth.ts
+++ b/apps/web/src/routes/auth.ts
@ -80,7 +80,7 @@ export const account = new Elysia({ prefix: "/account" })
  }, { detail: { hide: true } })

  .get("/logout", ({ cookie, set }) => {
-    cookie.pingql_key.remove();
+    cookie.pingql_key.set({ value: "", ...COOKIE_OPTS, maxAge: 0 });
    set.redirect = "/dashboard";
  }, { detail: { hide: true } })

--- a/apps/web/src/routes/dashboard.ts
+++ b/apps/web/src/routes/dashboard.ts
@ -103,7 +103,8 @@ export const dashboard = new Elysia()

  // Logout
  .get("/dashboard/logout", ({ cookie }) => {
-    cookie.pingql_key?.remove();
+    // Explicitly expire with same domain/path so browser actually clears it
+    cookie.pingql_key?.set({ value: "", maxAge: 0, path: "/", domain: process.env.COOKIE_DOMAIN ?? ".pingql.com", secure: process.env.NODE_ENV !== "development", sameSite: "lax" });
    return redirect("/dashboard");
  })