From 1f9d1531a2310cd7208efcda2f81a0e81c312d7b Mon Sep 17 00:00:00 2001
From: Bradley Shellnut
Date: Mon, 26 Apr 2021 13:23:05 -0700
Subject: [PATCH] Fixed logout.
---
 api/src/accounts/logUserOut.js | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/api/src/accounts/logUserOut.js b/api/src/accounts/logUserOut.js
index 3f3a865..edb801b 100644
--- a/api/src/accounts/logUserOut.js
+++ b/api/src/accounts/logUserOut.js
@@ -1,6 +1,5 @@
 import jwt from 'jsonwebtoken'
-
-const JWTSignature = process.env.JWT_SIGNATURE
+const { ROOT_DOMAIN, JWT_SIGNATURE } = process.env
 
 export async function logUserOut(request, reply) {
 try {
@@ -9,12 +8,19 @@ export async function logUserOut(request, reply) {
 if (request?.cookies?.refreshToken) {
 const { refreshToken } = request.cookies
 // Decode refresh token
- const { sessionToken } = jwt.verify(refreshToken, JWTSignature)
+ const { sessionToken } = jwt.verify(refreshToken, JWT_SIGNATURE)
 // Delete database record for session
 await session.deleteOne({ sessionToken })
 }
+ const cookieOptions = {
+ path: '/',
+ domain: ROOT_DOMAIN,
+ httpOnly: true,
+ secure: true,
+ }
+
 // Remove cookies
- reply.clearCookie('refreshToken').clearCookie('accessToken')
+ reply.clearCookie('refreshToken', cookieOptions).clearCookie('accessToken', cookieOptions)
 } catch (e) {
 console.error(e);
 }
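Review bot: `ROOT_DOMAIN` and `JWT_SIGNATURE` are destructured from `process.env` at module load with no check that either is set. With `JWT_SIGNATURE` undefined, `jwt.verify` would throw on every logout and the catch in `logUserOut` only logs it; with `ROOT_DOMAIN` undefined the clear-cookie headers would carry no Domain attribute and presumably would not match cookies that were set with one. A startup guard such as `if (!ROOT_DOMAIN || !JWT_SIGNATURE) throw new Error('ROOT_DOMAIN and JWT_SIGNATURE must be set')` would make the misconfiguration fail fast instead of leaving sessions that cannot be ended.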
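Review bot: The `reply.clearCookie(...)` call in the second hunk still sits inside the `try`, after `jwt.verify`, so a refresh token that is expired, malformed or signed with a different key makes `verify` throw, the catch only logs, and neither cookie is cleared. Logging out should not depend on the presented token being valid: declare `cookieOptions` before the `try` and move the clear into a `finally` block, `finally { reply.clearCookie('refreshToken', cookieOptions).clearCookie('accessToken', cookieOptions) }`. The options also have to match the ones used where the cookies are set, which this patch does not show, so importing one shared constant in both places would keep them from drifting; `sameSite` is not set here. The `try` opens in the first hunk and the lines between the two hunks are not visible.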