Is there an existing issue for this?
Describe the bug
The delete_cookie method in CookieJar lacks the secure parameter, and this parameter in its internal call to self.add_cookie defaults to True. Therefore, attempts to delete a cookie in an insecure (plain HTTP) origin will always be blocked by the browser because it will set the ;Secure flag:
Code snippet
Visit http://YOUR_IP:4321/ and the page says logged in: NO
Visit http://YOUR_IP:4321/login and the page says logged in: YES
Visit http://YOUR_IP:4321/logout and the page still says logged in: YES
Note: it is important to use the real IP address (instead of 127.0.0.1) to reproduce this bug, since 127.0.0.1 is a secure origin.
Expected Behavior
Sanic should add an optional secure parameter to delete_cookie method, so we can write something like res.cookies.delete_cookie('session', secure=False).
Then the page should say logged in: NO after visiting /logout.
How do you run Sanic?
As a script (app.run or Sanic.serve)
Operating System
Linux
Sanic Version
v23.12.1
Additional context
No response
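The browser behaviour behind this report, as an added example that is not part of the original issue and not Sanic's code: a simplified standard-library model of a browser ignoring a Secure cookie that arrives from a non-secure origin. The address 203.0.113.10, the cookie value and all function names are constructed for illustration, and the login cookie is assumed to be set without the Secure flag.

```python
from http.cookies import SimpleCookie
from ipaddress import ip_address
from urllib.parse import urlsplit


def is_secure_origin(url):
    """https, or a loopback IP (the issue notes 127.0.0.1 counts as secure)."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        return True
    try:
        return ip_address(parts.hostname or "").is_loopback
    except ValueError:
        return False  # hostnames are treated as insecure in this model


def set_cookie_header(name, value, *, secure, max_age=""):
    """Build a Set-Cookie value with the stdlib (stand-in for the server)."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["max-age"] = max_age  # "" is omitted from the output
    jar[name]["secure"] = secure    # False is omitted from the output
    return jar[name].OutputString()


def browser_apply(store, page_url, header):
    """Toy cookie store: a Secure cookie from an insecure origin is ignored."""
    parsed = SimpleCookie()
    parsed.load(header)
    for name, morsel in parsed.items():
        if morsel["secure"] and not is_secure_origin(page_url):
            return False  # header rejected; the stored cookie is untouched
        if morsel["max-age"] == "0":
            store.pop(name, None)  # Max-Age=0 expires the cookie at once
        else:
            store[name] = morsel.value
    return True


def still_logged_in(base_url, *, delete_secure):
    """Replay /login then /logout; True if the session cookie survives."""
    store = {}
    login = set_cookie_header("session", "constructed-id", secure=False)
    logout = set_cookie_header("session", "", secure=delete_secure, max_age=0)
    browser_apply(store, base_url + "/login", login)
    browser_apply(store, base_url + "/logout", logout)
    return "session" in store
```

Calling still_logged_in("http://203.0.113.10:4321", delete_secure=True) returns True, matching the report; with delete_secure=False, or from http://127.0.0.1:4321, it returns False.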