@foal/core
Version:
Full-featured Node.js framework, with no complexity
50 lines (49 loc) • 2.08 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.removeSessionCookie = removeSessionCookie;
// FoalTS
const core_1 = require("../../../core");
const constants_1 = require("../constants");
/**
* Deletes the browser cookie containing the session token.
*
* If the CSRF protection is enabled, it also deletes the CSRF cookie containing the CSRF token.
*
* If the `user` argument is true, it also deletes the "user" cookie.
*
* @export
* @param {HttpResponse} response - The HTTP response
* @param {boolean} [user] - Specify if the "user" cookie should be deleted.
*/
function removeSessionCookie(response, user) {
const cookieName = core_1.Config.get('settings.session.cookie.name', 'string', constants_1.SESSION_DEFAULT_COOKIE_NAME);
const csrfEnabled = core_1.Config.get('settings.session.csrf.enabled', 'boolean', false);
let sameSite = core_1.Config.get('settings.session.cookie.sameSite', 'string');
if (csrfEnabled && sameSite === undefined) {
sameSite = constants_1.SESSION_DEFAULT_SAME_SITE_ON_CSRF_ENABLED;
}
const options = {
domain: core_1.Config.get('settings.session.cookie.domain', 'string'),
maxAge: 0,
path: core_1.Config.get('settings.session.cookie.path', 'string', constants_1.SESSION_DEFAULT_COOKIE_PATH),
sameSite,
secure: core_1.Config.get('settings.session.cookie.secure', 'boolean'),
};
response.setCookie(cookieName, '', {
...options,
httpOnly: core_1.Config.get('settings.session.cookie.httpOnly', 'boolean', constants_1.SESSION_DEFAULT_COOKIE_HTTP_ONLY),
});
if (csrfEnabled) {
const csrfCookieName = core_1.Config.get('settings.session.csrf.cookie.name', 'string', constants_1.SESSION_DEFAULT_CSRF_COOKIE_NAME);
response.setCookie(csrfCookieName, '', {
...options,
httpOnly: false,
});
}
if (user) {
response.setCookie(constants_1.SESSION_USER_COOKIE_NAME, '', {
...options,
httpOnly: false,
});
}
}