fix: set domain when clearing cookie (fastify#174)

* fix: set domain when clearing cookie * fix: test case updated * fix: updated tests
nicob-29 · Oct 13, 2022 · 137cbbd · 137cbbd
1 parent 4938bb6
commit 137cbbd
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/lib/fastifySession.js b/lib/fastifySession.js
@@ -170,7 +170,7 @@ function fastifySession (fastify, options, next) {
       if (!saveSession || isInsecureConnection) {
         // if a session cookie is set, but has a different ID, clear it
         if (cookieSessionId && cookieSessionId !== session.encryptedSessionId) {
-          reply.clearCookie(cookieName)
+          reply.clearCookie(cookieName, { domain: cookieOpts.domain })
         }
         done()
         return

diff --git a/test/session.test.js b/test/session.test.js
@@ -735,6 +735,25 @@ test("clears cookie if not backed by a session, and there's nothing to save", as
   t.equal(response.headers['set-cookie'], 'sessionId=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT')
 })
 
+test("clearing cookie sets the domain if it's specified in the cookie options", async t => {
+  t.plan(2)
+  const fastify = await buildFastify((request, reply) => {
+    reply.send(200)
+  }, {
+    ...DEFAULT_OPTIONS,
+    cookie: { domain: 'domain.test' }
+  })
+  t.teardown(() => fastify.close())
+
+  const response = await fastify.inject({
+    url: '/',
+    headers: { cookie: DEFAULT_COOKIE_VALUE }
+  })
+
+  t.equal(response.statusCode, 200)
+  t.equal(response.headers['set-cookie'], 'sessionId=; Domain=domain.test; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT')
+})
+
 test('does not clear cookie if no session cookie in request', async t => {
   t.plan(2)
   const fastify = await buildFastify((request, reply) => {