set_cookie_response when hosted on AWS

[Estateira]

Hello,
I have a shiny application hosted on AWS, and would like to expire the following http-only cookies: AWSELBAuthSessionCookie-0 and AWSELBAuthSessionCookie-1 after the user clicks on the signout button, so I triggered an observeEvent
and I wanted to use the function set_cookie_response twice, I set the following parameters
cookie_name=AWSELBAuthSessionCookie-0 resp. AWSELBAuthSessionCookie-1,
cookie_value= "",
expiration=-1
http_only=T)

(the redirect is implemented via a separate session$sendCustomMessage, so therefore the redirect parameter of this function is set to NULL.
However this does not work and the cookies do not get deleted unfortunately, I think the problem might be partially due to the fact, that the cookie value is required and I can not determine the cookie value, so the value/name pair would be invalid. or is there any other underlying issue in this approach?

Any suggestions what I would be needing to do solving this issue?

Thank you

[jonthegeek]

Hmm. I've only used set_cookie_response() on load. Are you able to use it to set cookies in the first place?

Since they're http_only, I wouldn't expect it to work when triggered via Shiny (which triggers via JavaScript).

If it's working otherwise, try 0 for the expiration. That should expire the cookie.

[jonthegeek]

It's POSSIBLE this was impacted by the bug that's being fixed in #50. Are you still having issues (after that's merged and you install the dev version)?

[jonthegeek]

After further experimentation, this is definitely the result of the cookie being set to http_only = TRUE. That specifically means you can't update it via javascript, and thus you can't delete it via javascript.

Let me know if you need help sorting out how to deal with this! The simplest solution would be to leave http_only at the deafult FALSE.