Expiring a cookie

[erkde]

Hi there, am trying to figure how to clear/expire/delete a cookie - if this is possible? I have three pretty simple endpoints mocking a session, when you post in some credentials, it sets a cookie:

return res(
   ctx.cookie("auth-token", "random-string"),
   ctx.json({ authenticated: true })
)

when you get the session, it checks the cookie is there

return res(
  ctx.json({ authenticated: req.cookies["auth-token"] !== undefined })
)

and when you delete a session, it sets the expiry to the past:

const expires = new Date(moment().subtract(1, "second").toDate())
return res(
  ctx.cookie("auth-token", undefined, { expires })
  ctx.json({ authenticated: false })
)

the issue I'm seeing is, after deleting a session, even though the browser has cleared off the expired cookie, req.cookies("auth-token") still retains the old value on subsequent requests

[chrisguttandin]

Hi @erkde, thanks for reporting this. This was an oversight on my end. I made a PR to fix the issue in mswjs/cookies.

[erkde]

Thanks for looking into this @chrisguttandin - I've tried patching node_modules/@mswjs/cookies/lib/CookieStore.js with the change in your PR mswjs/cookies#6 but still seeing the same behaviour.

I've pushed a sample app https://github.com/erkde/expiring_msw_cookie, the cookie is correctly deleted when setting the expires to the past, but I'm guessing req.cookies is actually coming from localStorage MSW_COOKIE_STORE which doesn't seem to change?

[chrisguttandin]

Thanks for checking the PR. I think patching @mswjs/cookies will not have any effect since the code gets pre-bundled into the build files of mswjs.

It depends a bit on the bundler and how it's configured, for me it's node_modules/msw/lib/esm/index.js which I need to patch to run the newest code.

[erkde]

Ah! thanks @chrisguttandin - that works, can see it's now clearing both the cookie, and the entry in MSW_COOKIE_STORE when setting expires to the past.