Fallowing logoutURL does not remove the session cookie. #1584
Comments
aeneasr
added a commit
that referenced
this issue
Jul 23, 2021
Before, the logout endpoint would invalidate the session cookie, but not remove it. This was a regression introduced in 0.7.0. This patch resolves that issue. Closes #1584
aeneasr
added a commit
that referenced
this issue
Jul 23, 2021
Before, the logout endpoint would invalidate the session cookie, but not remove it. This was a regression introduced in 0.7.0. This patch resolves that issue. Closes #1584
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Fallowing the logoutUrl generated by
kratosClient.createSelfServiceLogoutFlowUrlForBrowsers()does not remove theory_kratos_sessioncookie.Reproducing the bug
Steps to reproduce the behavior:
Fallow this guide to bring up the environment
https://www.ory.sh/kratos/docs/guides/zero-trust-iap-proxy-identity-access-proxy/#running-ory-kratos-and-the-ory-oathkeeper-identity-and-access-proxy
Navigate to http://127.0.0.1:4455
Register anuser
Logout
Check the browser cookies. The
ory_kratos_sessioncookie is still present.Server logs
Server configuration
Expected behavior
In the previous version (v0.6.1) the cookie was automatically removed.
Environment
Additional context
Discussion about the issue and how affects our use case:
#1582
The text was updated successfully, but these errors were encountered: