wipe cookies so atproto does not get stuck · evbogue.com/ANonAT@3bbbd1c

evbogue.com / ANonAT

fork atom

ANProto over ATProto -- using Bluesky PDSes to store ANProto messages and blobs

fork atom

wipe cookies so atproto does not get stuck

Everett Bogue 3 months ago 3bbbd1c2 f8aad1b5

+16

1 changed file

expand all

src

index.ts

+16

src/index.ts

··· 30 30 }, 31 31 } 32 32 33 + const clearSessionCookie = (res: express.Response) => { 34 + // Explicitly expire the session cookie to avoid stale cross-app sessions. 35 + const parts = [ 36 + `${sessionConfig.cookieName}=`, 37 + 'Path=/', 38 + 'Max-Age=0', 39 + 'HttpOnly', 40 + 'SameSite=Lax', 41 + ] 42 + if (sessionConfig.cookieOptions.secure) { 43 + parts.push('Secure') 44 + } 45 + res.setHeader('Set-Cookie', parts.join('; ')) 46 + } 47 + 33 48 app.use(express.json({ limit: '10mb' })) 34 49 app.use(express.urlencoded({ extended: true, limit: '2mb' })) 35 50 // Keep host consistent during the OAuth loopback flow: the OAuth libraries force ··· 145 160 app.post('/logout', async (req, res) => { 146 161 const session = await getIronSession(req, res, sessionConfig) 147 162 session.destroy() 163 + clearSessionCookie(res) 148 164 res.redirect('/') 149 165 }) 150 166