When redirecting user to loggedout also clear the cookies
ryan-lane opened this issue
Ryan Lane commented
We've run into situations where the CSRF tokens aren't always fully purged for some reason and users end up with two tokens, which causes failures for them. When users are logged out, the JS should additionally clear all cookies associated with the domain, as an extra reliability measure.
Ryan Lane commented
Looks like in the cases where we're seeing this, it's due to conflicting XSRF cookies in a domain, so the proper fix is to use a cookie name that's unique to confidant.
Ryan Lane commented
Fixed in 1.3.0
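The cookie-name conflict described in the second comment, as an added example that is not Confidant's code: a browser stores cookies per name, domain and path, so a host-only cookie and a parent-domain cookie with the same name are both sent, and a reader that looks up by name alone cannot tell them apart. The header strings, the `example.com` hosts and the cookie name `CONFIDANT-XSRF` are constructed for illustration.

```javascript
// Constructed sample: Cookie header sent to app.example.com when a sibling
// service set XSRF-TOKEN on .example.com and this app set its own XSRF-TOKEN.
const SHARED_NAME_HEADER =
  "session=s1; XSRF-TOKEN=from-this-app; XSRF-TOKEN=from-sibling-app";
// Same situation after the app switches to a name only it uses (hypothetical name).
const UNIQUE_NAME_HEADER =
  "session=s1; CONFIDANT-XSRF=from-this-app; XSRF-TOKEN=from-sibling-app";

// Parse a Cookie header into [name, value] pairs, keeping duplicates in order.
function parseCookieHeader(header) {
  return header
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf("=");
      // A pair without "=" is treated as a value with an empty name.
      return eq === -1 ? ["", part] : [part.slice(0, eq), part.slice(eq + 1)];
    });
}

// Cookie names that appear more than once in the header.
function collidingNames(header) {
  const counts = new Map();
  for (const [name] of parseCookieHeader(header)) {
    counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// Strict lookup: return the token only when exactly one cookie carries the name,
// so an ambiguous request is rejected instead of validated against a guess.
function readXsrfToken(header, name) {
  const values = parseCookieHeader(header)
    .filter(([n]) => n === name)
    .map(([, v]) => v);
  if (values.length === 0) return { ok: false, reason: "missing" };
  if (values.length > 1) return { ok: false, reason: "ambiguous" };
  return { ok: true, token: values[0] };
}

console.log(collidingNames(SHARED_NAME_HEADER), readXsrfToken(SHARED_NAME_HEADER, "XSRF-TOKEN"));
console.log(collidingNames(UNIQUE_NAME_HEADER), readXsrfToken(UNIQUE_NAME_HEADER, "CONFIDANT-XSRF"));
```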