unable to delete mfa cookie on production
ccastillop opened this issue · comments
Cristiam Castillo commented
Hello,
When calling UserMfaSession.destroy
the mfa_credentials cookie is not destroyed at all.
It seems the GoogleAuthenticatorRails.destroy
method requires the current domain as specified on https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html
I will send a PR for that
Alfred Dominic commented
if you're using cookies the method to be used to delete the cookie is via UserMfaSession::destroy
. right?
Jared McFarland commented
Yep!