fix: correct cookie domain on logout

[wezzle]

Related issue

#645

Proposed changes

Checklist

• I have read the contributing guidelines.
  (Not sure what my commit message should've had as prefix?)
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security. vulnerability, I
  confirm that I got green light (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further comments

[CLAassistant]

All committers have signed the CLA.

[aeneasr]

This influences the global cookie management, which effectively changes e.g. the continuity module behavior. Let's either have a dedicated store for session cookies, or fix this in the logout logic :)

Also, please add at least one failing test case to prevent future regression!

[wezzle]

@aeneasr I've just created a seperate CookieManager for the continuity module. If you'd rather have it the other way around I can refactor it but I had no idea of a good name (sessionSessionStore?)

As for the test perhaps you can guide me in the right direction. As far as I can see it is hard to test cookies with a different domain setting as the server is running on 127.0.0.1 and the http library does not send or accept cookies if the domain does not match. I've tried overriding the cookies using the CookieJar's SetCookies method but inserting a cookie with a different domain does not end up being sent.

[wezzle]

@aeneasr I know you're probably busy with the other projects but please let me know if there is anything I can do to get this issue fixed and merged.

[aeneasr]

Sorry for the long delay on this one, I was very deep into #624 and then we had a company retreat to plan the next milestones.

[aeneasr]

Awesome 🎉

Thank you for your contribution!