Commit 8942b070 authored by Harrison Healey's avatar Harrison Healey

MM-13446 Properly clear MMUSERID cookie when EnableCookiesForSubdomains is on (#2188)

parent 5d381fef
......@@ -27,6 +27,7 @@ import {handleNewPost} from 'actions/post_actions.jsx';
import {stopPeriodicStatusUpdates} from 'actions/status_actions.jsx';
import {loadNewDMIfNeeded, loadNewGMIfNeeded, loadProfilesForSidebar} from 'actions/user_actions.jsx';
import {closeRightHandSide, closeMenu as closeRhsMenu, updateRhsState} from 'actions/views/rhs';
import {clearUserCookie} from 'actions/views/root';
import {close as closeLhs} from 'actions/views/lhs';
import * as WebsocketActions from 'actions/websocket_actions.jsx';
import AppDispatcher from 'dispatcher/app_dispatcher.jsx';
......@@ -355,7 +356,9 @@ export function emitUserLoggedOutEvent(redirectTo = '/', shouldSignalLogout = tr
BrowserStore.clear();
stopPeriodicStatusUpdates();
WebsocketActions.close();
document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;path=/';
clearUserCookie();
browserHistory.push(redirectTo);
}).catch(() => {
browserHistory.push(redirectTo);
......
......@@ -36,3 +36,10 @@ export function loadTranslations(locale, url) {
}).catch(() => {}); // eslint-disable-line no-empty-function
};
}
export function clearUserCookie() {
// We need to clear the cookie both with and without the domain set because we can't tell if the server set
// the cookie with it. At this time, the domain will be set if ServiceSettings.EnableCookiesForSubdomains is true.
document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;path=/';
document.cookie = `MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;domain=${window.location.hostname};path=/`;
}
......@@ -12,6 +12,7 @@ import configureServiceStore from 'mattermost-redux/store';
import reduxInitialState from 'mattermost-redux/store/initial_state';
import {storageRehydrate} from 'actions/storage';
import {clearUserCookie} from 'actions/views/root';
import appReducer from 'reducers';
import {transformSet} from 'store/utils';
import {detect} from 'utils/network.js';
......@@ -148,7 +149,7 @@ export default function configureStore(initialState) {
purging = true;
persistor.purge().then(() => {
document.cookie = 'MMUSERID=;expires=Thu, 01 Jan 1970 00:00:01 GMT;';
clearUserCookie();
// Preserve any query string parameters on logout, including parameters
// used by the application such as extra and redirect_to.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment