UNPKG

@foal/core

Version:

Full-featured Node.js framework, with no complexity

50 lines (49 loc) 2.08 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.removeSessionCookie = removeSessionCookie; // FoalTS const core_1 = require("../../../core"); const constants_1 = require("../constants"); /** * Deletes the browser cookie containing the session token. * * If the CSRF protection is enabled, it also deletes the CSRF cookie containing the CSRF token. * * If the `user` argument is true, it also deletes the "user" cookie. * * @export * @param {HttpResponse} response - The HTTP response * @param {boolean} [user] - Specify if the "user" cookie should be deleted. */ function removeSessionCookie(response, user) { const cookieName = core_1.Config.get('settings.session.cookie.name', 'string', constants_1.SESSION_DEFAULT_COOKIE_NAME); const csrfEnabled = core_1.Config.get('settings.session.csrf.enabled', 'boolean', false); let sameSite = core_1.Config.get('settings.session.cookie.sameSite', 'string'); if (csrfEnabled && sameSite === undefined) { sameSite = constants_1.SESSION_DEFAULT_SAME_SITE_ON_CSRF_ENABLED; } const options = { domain: core_1.Config.get('settings.session.cookie.domain', 'string'), maxAge: 0, path: core_1.Config.get('settings.session.cookie.path', 'string', constants_1.SESSION_DEFAULT_COOKIE_PATH), sameSite, secure: core_1.Config.get('settings.session.cookie.secure', 'boolean'), }; response.setCookie(cookieName, '', { ...options, httpOnly: core_1.Config.get('settings.session.cookie.httpOnly', 'boolean', constants_1.SESSION_DEFAULT_COOKIE_HTTP_ONLY), }); if (csrfEnabled) { const csrfCookieName = core_1.Config.get('settings.session.csrf.cookie.name', 'string', constants_1.SESSION_DEFAULT_CSRF_COOKIE_NAME); response.setCookie(csrfCookieName, '', { ...options, httpOnly: false, }); } if (user) { response.setCookie(constants_1.SESSION_USER_COOKIE_NAME, '', { ...options, httpOnly: false, }); } }