You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recent changes to cookie handling appears to have broken cookie deletion when developing locally and testing on localhost. When the session is invalid and a refresh attempt fails, I'm still seeing the cookie in my browser's dev tools with an encoded value and expiration set over a year in the future.
I'm using the new authkit() middleware handler and manually handling the authorizationUrl redirect. If I don't manually delete the cookie, attempting to navigate to the returned authorizationUrl results in a redirect to https://error.workos.com/sso. Inspecting the returned authorizationUrl, it appears the redirect_uri query parameter is not included. Once I delete the cookie, the authorizationUrl appears to be correct once again.
Recent changes to cookie handling appears to have broken cookie deletion when developing locally and testing on
localhost. When the session is invalid and a refresh attempt fails, I'm still seeing the cookie in my browser's dev tools with an encoded value and expiration set over a year in the future.The error is being logged as follows:
I'm using the new
authkit()middleware handler and manually handling theauthorizationUrlredirect. If I don't manually delete the cookie, attempting to navigate to the returnedauthorizationUrlresults in a redirect to https://error.workos.com/sso. Inspecting the returnedauthorizationUrl, it appears theredirect_uriquery parameter is not included. Once I delete the cookie, theauthorizationUrlappears to be correct once again.Originally posted by @bdbergeron in #171 (comment)
The text was updated successfully, but these errors were encountered: