Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

馃悰 [Bug]: (c *fiber.Ctx).ClearCookie() does absolutely nothing #2878

Open
3 tasks done
iacore opened this issue Feb 24, 2024 · 6 comments
Open
3 tasks done

馃悰 [Bug]: (c *fiber.Ctx).ClearCookie() does absolutely nothing #2878

iacore opened this issue Feb 24, 2024 · 6 comments
Labels
鈽笍 Bug

Comments

@iacore
Copy link

iacore commented Feb 24, 2024
edited

Bug Description

Setting the cookie is fine. The gofiber server responds with this header, which sets the cookie.

Set-Cookie: __Host-pixivfe-ImageProxy=https://i.pixiv.re; expires=Mon, 25 Mar 2024 15:06:10 GMT; path=/; HttpOnly; secure; SameSite=Strict

However, the server can't reset it.

Neither c.ClearCookie(name) or c.ClearCookie() work.

How to Reproduce

Steps to reproduce the behavior:

  1. Set the cookie above in browser
  2. have a server call c.ClearCookie
  3. See in Developer Tool > Storage > Cookies. cookie still there.

Expected Behavior

cookie cleared

Fiber Version

v2.52.0

Workaround

Set the cookie with no value and an expiration date in the past.

Checklist:

  • I agree to follow Fiber's Code of Conduct.
  • I have checked for existing issues that describe my problem prior to opening this one.
  • I understand that improperly formatted bug reports may be closed without explanation.
@welcome Welcome
Copy link

welcome bot commented Feb 24, 2024

Thanks for opening your first issue here! 馃帀 Be sure to follow the issue template! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord

@iacore
Copy link
Author

iacore commented Feb 24, 2024
edited

I think the problem is that when unsetting the cookie, the header looks like this:

Set-Cookie: KEY=; expires=<SOME DATE>

I remember that the other fields need to perfectly match to clear a cookie.

@brunodmartins
Copy link
Contributor

brunodmartins commented Feb 25, 2024
edited

The fasthttp client has this documentation:

// DelClientCookie instructs the client to remove the given cookie.
// This doesn't work for a cookie with specific domain or path,
// you should delete it manually like:
//
//	c := AcquireCookie()
//	c.SetKey(key)
//	c.SetDomain("example.com")
//	c.SetPath("/path")
//	c.SetExpire(CookieExpireDelete)
//	h.SetCookie(c)
//	ReleaseCookie(c)
//
// Use DelCookie if you want just removing the cookie from response header.
func (h *ResponseHeader) DelClientCookie(key string) {
	h.DelCookie(key)

	c := AcquireCookie()
	c.SetKey(key)
	c.SetExpire(CookieExpireDelete)
	h.SetCookie(c)
	ReleaseCookie(c)
}

Maybe the problem happens when the cookie has a path. Maybe new method to delete the cookie manually by passing a Cookie struct could exist

@brunodmartins
Copy link
Contributor

Original issue: valyala/fasthttp#951

@adharshmk96
Copy link

I ended up using this utility

func ClearCookies(c *fiber.Ctx, key ...string) {
	for i := range key {
		c.Cookie(&fiber.Cookie{
			Name:    key[i],
			Expires: time.Now().Add(-time.Hour * 24),
			Value:   "",
		})
	}
}

and use it like

utils.ClearCookies(c, "token_account")

@gaby
Copy link
Member

gaby commented Mar 27, 2024

@ReneWerner87 Could we incorporate the above in the framework?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
鈽笍 Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gaby @brunodmartins @adharshmk96 @iacore