fix(login): fix case where an invalid socketToken cookie would prev…

…ent a user from ever being able to log in
nodecg · Mar 8, 2017 · 7392249 · 7392249
1 parent ba296cd
commit 7392249
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/lib/util/authcheck.js b/lib/util/authcheck.js
@@ -44,8 +44,11 @@ module.exports = function (req, res, next) {
 				// Ensure we delete the existing cookie so that it doesn't become poisoned
 				// and cause an infinite login loop.
 				req.session.destroy(() => {
-					res.clearCookie('connect.sid', {path: '/'});
-					res.clearCookie('socketToken', {path: '/'});
+					res.clearCookie('socketToken', {
+						path: '/',
+						domain,
+						secure: config.ssl && config.ssl.enabled
+					});
 					res.redirect('/login');
 				});
 			}