According to this question my code is not identical to the cookie, but it seems to be identical. Here is my cookie setting code:

    res.cookie('access_token', 'Bearer ' + token, {
      expires: new Date(Date.now() + 900000), // cookie will be removed after 15 mins
      httpOnly: true
    })

Here is my cookie deletion code:

    app.get('/logout', function(req, res) {
      res.clearCookie('access_token', { domain: 'localhost', path: '/', httpOnly: true })
        .redirect('http://localhost:4200/avior/login')
    });

According to the Express JS API documentation the expiration/maxAge should not be set in the clearCookie method. That's exactly what I did. Is this a problem only because I use httpOnly?

I also faced a similar problem in my Angular project. I solved my issue by setting path: "/" both when creating and when deleting cookies, as below:

    res.cookie('access_token', 'Bearer ' + token, {
      expires: new Date(Date.now() + 900000), // cookie will be removed after 15 mins
      httpOnly: true,
      path: '/'
    })
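
How differing options between `res.cookie` and `res.clearCookie` can leave the token in place after logout, as an added example that is not code from either post: a simplified cookie jar that identifies a cookie by name, domain, host-only flag and path. The jar model, `ACCESS_COOKIE` and `logoutLeavesToken` are assumptions made for illustration, and browser-specific handling of `localhost` is not modelled.

```javascript
// Simplified cookie-jar model (constructed for illustration, not browser code).
// Assumption: a cookie's identity is name + domain + host-only flag + path.
function identity(name, opts, requestHost) {
  // No Domain attribute means a host-only cookie, a different entry from a Domain cookie.
  const scope = opts.domain ? 'domain' : 'host-only';
  const domain = (opts.domain || requestHost).replace(/^\./, '').toLowerCase();
  const path = opts.path || '/'; // Express defaults path to '/' when none is given
  return [name, domain, scope, path].join('|');
}

class CookieJar {
  constructor(requestHost) {
    this.host = requestHost;
    this.store = new Map();
  }

  // Models receiving the Set-Cookie header produced by res.cookie(name, value, opts).
  set(name, value, opts = {}) {
    const key = identity(name, opts, this.host);
    const expired = opts.expires && opts.expires.getTime() <= Date.now();
    if (expired) this.store.delete(key); // a past expiry evicts only the matching entry
    else this.store.set(key, value);
  }

  // Models res.clearCookie(name, opts): same name, empty value, expiry in the past.
  clear(name, opts = {}) {
    this.set(name, '', { ...opts, expires: new Date(1) });
  }

  has(name) {
    return [...this.store.keys()].some((k) => k.startsWith(name + '|'));
  }
}

// One shared options object keeps the identifying attributes in sync for set and clear.
const ACCESS_COOKIE = { httpOnly: true, path: '/' }; // hypothetical constant name

// Returns true when the access token is still in the jar after the logout call.
function logoutLeavesToken(clearOpts) {
  const jar = new CookieJar('localhost');
  const expires = new Date(Date.now() + 900000); // 15 minutes, as in the question
  jar.set('access_token', 'Bearer <token>', { ...ACCESS_COOKIE, expires });
  jar.clear('access_token', clearOpts);
  return jar.has('access_token');
}

console.log(logoutLeavesToken({ domain: 'localhost', path: '/', httpOnly: true }));
console.log(logoutLeavesToken(ACCESS_COOKIE));
```

In an Express app the same idea is to pass one options constant to both `res.cookie` (with `expires` added) and `res.clearCookie`, so a logout route cannot drift from the login route.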