Commit 8942b070 authored by Harrison Healey's avatar Harrison Healey

MM-13446 Properly clear MMUSERID cookie when EnableCookiesForSubdomains is on (#2188)

parent 5d381fef
...@@ -27,6 +27,7 @@ import {handleNewPost} from 'actions/post_actions.jsx'; ...@@ -27,6 +27,7 @@ import {handleNewPost} from 'actions/post_actions.jsx';
import {stopPeriodicStatusUpdates} from 'actions/status_actions.jsx'; import {stopPeriodicStatusUpdates} from 'actions/status_actions.jsx';
import {loadNewDMIfNeeded, loadNewGMIfNeeded, loadProfilesForSidebar} from 'actions/user_actions.jsx'; import {loadNewDMIfNeeded, loadNewGMIfNeeded, loadProfilesForSidebar} from 'actions/user_actions.jsx';
import {closeRightHandSide, closeMenu as closeRhsMenu, updateRhsState} from 'actions/views/rhs'; import {closeRightHandSide, closeMenu as closeRhsMenu, updateRhsState} from 'actions/views/rhs';
import {clearUserCookie} from 'actions/views/root';
import {close as closeLhs} from 'actions/views/lhs'; import {close as closeLhs} from 'actions/views/lhs';
import * as WebsocketActions from 'actions/websocket_actions.jsx'; import * as WebsocketActions from 'actions/websocket_actions.jsx';
import AppDispatcher from 'dispatcher/app_dispatcher.jsx'; import AppDispatcher from 'dispatcher/app_dispatcher.jsx';
...@@ -355,7 +356,9 @@ export function emitUserLoggedOutEvent(redirectTo = '/', shouldSignalLogout = tr ...@@ -355,7 +356,9 @@ export function emitUserLoggedOutEvent(redirectTo = '/', shouldSignalLogout = tr
BrowserStore.clear(); BrowserStore.clear();
stopPeriodicStatusUpdates(); stopPeriodicStatusUpdates();
WebsocketActions.close(); WebsocketActions.close();
document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;path=/';
clearUserCookie();
browserHistory.push(redirectTo); browserHistory.push(redirectTo);
}).catch(() => { }).catch(() => {
browserHistory.push(redirectTo); browserHistory.push(redirectTo);
......
...@@ -36,3 +36,10 @@ export function loadTranslations(locale, url) { ...@@ -36,3 +36,10 @@ export function loadTranslations(locale, url) {
}).catch(() => {}); // eslint-disable-line no-empty-function }).catch(() => {}); // eslint-disable-line no-empty-function
}; };
} }
export function clearUserCookie() {
// We need to clear the cookie both with and without the domain set because we can't tell if the server set
// the cookie with it. At this time, the domain will be set if ServiceSettings.EnableCookiesForSubdomains is true.
document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;path=/';
document.cookie = `MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;domain=${window.location.hostname};path=/`;
}
...@@ -12,6 +12,7 @@ import configureServiceStore from 'mattermost-redux/store'; ...@@ -12,6 +12,7 @@ import configureServiceStore from 'mattermost-redux/store';
import reduxInitialState from 'mattermost-redux/store/initial_state'; import reduxInitialState from 'mattermost-redux/store/initial_state';
import {storageRehydrate} from 'actions/storage'; import {storageRehydrate} from 'actions/storage';
import {clearUserCookie} from 'actions/views/root';
import appReducer from 'reducers'; import appReducer from 'reducers';
import {transformSet} from 'store/utils'; import {transformSet} from 'store/utils';
import {detect} from 'utils/network.js'; import {detect} from 'utils/network.js';
...@@ -148,7 +149,7 @@ export default function configureStore(initialState) { ...@@ -148,7 +149,7 @@ export default function configureStore(initialState) {
purging = true; purging = true;
persistor.purge().then(() => { persistor.purge().then(() => {
document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;'; clearUserCookie();
// Preserve any query string parameters on logout, including parameters // Preserve any query string parameters on logout, including parameters
// used by the application such as extra and redirect_to. // used by the application such as extra and redirect_to.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment