New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Not possible to delete a cookie with the same name from multiple domains #139

Closed
renekliment opened this Issue Apr 6, 2018 · 0 comments

Comments

Projects
None yet
1 participant
@renekliment
Copy link

renekliment commented Apr 6, 2018

  • bug report? yes
  • feature request? no
  • version: 2.4.5, the code in master looks the same

Description

Due to Response::setCookie() calling Helpers::removeDuplicateCookies(), it is not possible to delete a cookie with the same name from multiple domains.

Came upon it today when I found out there may be accidental cookies for subdomains in our project instead of one cookie for our root domain. Tried to delete all the cookies in the subdomains using Response, but failed.

A naive solution would be to put the Helpers::removeDuplicateCookies() call in a condition, which could be controlled by a parameter of Response::setCookie(), the same for Response::deleteCookie(), but these methods can be called from anywhere and even one call w/o the flag to not call the Helpers::removeDuplicateCookies() would break it.
Having this setting as a settable class property would probably work.
Actually I don't know why the Helpers::removeDuplicateCookies() is there, so I cannot really tell if it would make sense.

Steps To Reproduce

$response->deleteCookie('lang', null, 'sub.domain.com');
$response->deleteCookie('lang', null, 'domain.com');

dg added a commit that referenced this issue Sep 3, 2018

@dg dg closed this in 60d76c0 Sep 3, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment