Fiber: ctx.ClearCookie() not working

Created on 30 Jul 2020 · 14 Comments · Source: gofiber/fiber

I am trying to delete a cookie on the client side, and after calling ctx.ClearCookie() the cookie is still there.

Any thoughts on this issue?

Code snippet _Optional_

c.ClearCookie("refreshtoken")

🔍 Under Investigation · Question

All 14 comments

Thanks for opening your first issue here! 🎉 Be sure to follow the issue template! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord

Hi @petersephrin, what version are you using? I tested it on v1.13.3 and it seems to work just fine.

package main

import (
    "log"
    "time"

    "github.com/gofiber/fiber"
)

func main() {
    app := fiber.New()

    app.Get("/set", func(c *fiber.Ctx) {
        // Create cookie
        cookie := new(fiber.Cookie)
        cookie.Name = "john"
        cookie.Value = "doe"
        cookie.Expires = time.Now().Add(24 * time.Hour)

        // Set cookie
        c.Cookie(cookie)
    })

    app.Get("/del", func(c *fiber.Ctx) {
        // Delete cookie
        c.ClearCookie("john")
    })

    log.Fatal(app.Listen(3000))
}

I am using v1.13.3 as well, but it's still not deleting the cookie. I am not sure what I'm doing wrong.

Actually, it turns out there is an issue in the route name. Can someone try this and see if you can reproduce the error?

Route /del/delete doesn't work:

    app.Get("/del/delete", func(c *fiber.Ctx) {
        // Delete cookie
        c.ClearCookie("john")
    })

Route /del works:

    app.Get("/del", func(c *fiber.Ctx) {
        // Delete cookie
        c.ClearCookie("john")
    })

@petersephrin, I had no problems using /del/delete. Could you share the whole code (including how you set the cookie)?

This is how I set up the cookie:

func StoreARTokenAsCookie(c *fiber.Ctx, name string, token models.RefreshToken) {
    cookie := new(fiber.Cookie)
    cookie.Name = name
    cookie.Value = token.Token
    cookie.Expires = token.ExpiresAt

    c.Cookie(cookie)
}

I even copied your code above with the set and del routes and changed it to del/delete, and it didn't work for me. I'm not sure what the issue is on my side, but if I figure it out I'll let you know.

I'm also having the same issue

Same issue /logout works but not /api/v1/auth/logout.

Reproducible code:

package main

import (
    "time"

    "github.com/dgrijalva/jwt-go"
    "github.com/gofiber/fiber"
    jwtware "github.com/gofiber/jwt"
)

func main() {
    app := fiber.New()

    // Login route
    app.Post("/login", login)

    // Unauthenticated route
    app.Get("/", accessible)
    app.Delete("/api/v1/auth/logout", logout)

    // JWT Middleware
    app.Use(jwtware.New(jwtware.Config{
        SigningKey: []byte("secret"),
    }))

    // Restricted Routes
    app.Get("/restricted", restricted)

    app.Listen(3000)
}

func logout(c *fiber.Ctx) {
    c.ClearCookie()
}

func login(c *fiber.Ctx) {
    user := c.FormValue("user")
    pass := c.FormValue("pass")

    // Throws Unauthorized error
    if user != "john" || pass != "doe" {
        c.SendStatus(fiber.StatusUnauthorized)
        return
    }

    // Create token
    token := jwt.New(jwt.SigningMethodHS256)

    // Set claims
    claims := token.Claims.(jwt.MapClaims)
    claims["name"] = "John Doe"
    claims["admin"] = true
    claims["exp"] = time.Now().Add(time.Hour * 72).Unix()

    // Generate encoded token and send it as response.
    t, err := token.SignedString([]byte("secret"))
    if err != nil {
        c.SendStatus(fiber.StatusInternalServerError)
        return
    }

    c.JSON(fiber.Map{"token": t})

    c.Cookie(generateCookie(t))
}

func accessible(c *fiber.Ctx) {
    c.Send("Accessible")
}

func restricted(c *fiber.Ctx) {
    user := c.Locals("user").(*jwt.Token)
    claims := user.Claims.(jwt.MapClaims)
    name := claims["name"].(string)
    c.Send("Welcome " + name)
}

func generateCookie(token string) *fiber.Cookie {
    cookie := new(fiber.Cookie)
    cookie.Name = "jid"
    cookie.Value = token
    cookie.Expires = time.Now().Add(24 * time.Hour)

    return cookie
}

I'm also experiencing this. This code is used to set the cookie (route is /auth/login):

c.Cookie(&fiber.Cookie{
    Name:     "token",
    Value:    tokenString,
    Expires:  expiryTime,
    Secure:   !config.DebugMode,  // false
    HTTPOnly: true,
    SameSite: "lax",
})

and it won't be cleared by ctx.ClearCookie(). However, it can be cleared using this - the exact same call just with a different value and expiry (route is /auth/logout).

c.Cookie(&fiber.Cookie{
    Name:     "token",
    Value:    "deleted",
    Expires:  time.Now().Add(-(time.Hour * 2)), // Add negative time means it happens in the past :P
    Secure:   !config.DebugMode, // false
    HTTPOnly: true,
    SameSite: "lax",
})

After debugging for a while, some web browsers / clients do not delete the cookie if any cookie properties (set previously) do not match.

I have updated the docs with this disclaimer https://docs.gofiber.io/ctx#clearcookie

The example of @codemicro would be your safest bet
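
Added example (not from the thread or the Fiber project): the /del versus /del/delete behaviour reported above can be reproduced with Go's standard net/http/cookiejar, which keys stored cookies by domain, path and name and derives a default path from the request URL when Path is omitted. The `survives` helper, the localhost origin and the assumption that the clearing response carries no Path attribute are illustrative.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
	"time"
)

const origin = "http://localhost:3000" // constructed origin, matching app.Listen(3000)

// survives sets cookie "john" from setRoute, sends an expired cookie of the
// same name from clearRoute, and reports whether the original is still stored.
// path is the Path attribute used on both responses; "" means it is omitted,
// so the client derives a default path from the request URL (RFC 6265, 5.1.4).
func survives(setRoute, clearRoute, path string) bool {
	jar, err := cookiejar.New(nil)
	if err != nil {
		panic(err)
	}
	setURL, _ := url.Parse(origin + setRoute)
	clearURL, _ := url.Parse(origin + clearRoute)

	jar.SetCookies(setURL, []*http.Cookie{{
		Name: "john", Value: "doe", Path: path,
		Expires: time.Now().Add(24 * time.Hour),
	}})
	// Assumed shape of the clearing response: same name, expiry in the past.
	jar.SetCookies(clearURL, []*http.Cookie{{
		Name: "john", Value: "", Path: path,
		Expires: time.Now().Add(-2 * time.Hour),
	}})

	// The jar keys cookies by (domain, path, name); ask what would be sent
	// back to the route that originally set the cookie.
	return len(jar.Cookies(setURL)) > 0
}

func main() {
	fmt.Println("/set -> /del, no Path:                     survives =", survives("/set", "/del", ""))
	fmt.Println("/set -> /del/delete, no Path:              survives =", survives("/set", "/del/delete", ""))
	fmt.Println("/login -> /api/v1/auth/logout, no Path:    survives =", survives("/login", "/api/v1/auth/logout", ""))
	fmt.Println("/login -> /api/v1/auth/logout, Path=\"/\":   survives =", survives("/login", "/api/v1/auth/logout", "/"))
}
```

Setting the same explicit Path on both the login and the logout cookie makes the expiry land on the stored session cookie regardless of which route handles logout.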

I'm also experiencing this

@seefs001, could you provide an example code to reproduce the issue?

I'm also experiencing this. This code is used to set the cookie (route is /auth/login):

c.Cookie(&fiber.Cookie{
    Name:     "token",
    Value:    tokenString,
    Expires:  expiryTime,
    Secure:   !config.DebugMode,  // false
    HTTPOnly: true,
    SameSite: "lax",
})

and it won't be cleared by ctx.ClearCookie(). However, it can be cleared using this - the exact same call just with a different value and expiry (route is /auth/logout).

c.Cookie(&fiber.Cookie{
    Name:     "token",
    Value:    "deleted",
    Expires:  time.Now().Add(-(time.Hour * 2)), // Add negative time means it happens in the past :P
    Secure:   !config.DebugMode, // false
    HTTPOnly: true,
    SameSite: "lax",
})

Sorry, I accidentally ignored this reply, now it is working
