Add domain to all cookie actions

TrWesche · TrWesche · commit 973e592b41ef · 2021-01-17T18:29:45.000-06:00
diff --git a/helpers/authHandling.js b/helpers/authHandling.js
@@ -9,11 +9,11 @@ class AuthHandling {
         const split_token = token.split(".");
 
         // Javascript Enabled Cookie - Full JWT
-        queryRes.cookie("sid", token, {httpOnly: false, maxAge: 86400000, secure: true, sameSite: "None", path: '/', domain: "twesche.com"});
+        queryRes.cookie("sid", token, {httpOnly: false, maxAge: 86400000, secure: true, sameSite: "None", path: '/', domain: ".twesche.com"});
         // queryRes.cookie("sid", token, {httpOnly: false, maxAge: 86400000, path: '/', domain: "twesche.com"});
 
         // HTTP Only Cookie - JWT Signature Only
-        queryRes.cookie("_sid", split_token[2], {httpOnly: true, maxAge: 86400000, secure: true, sameSite: "None", path: '/', domain: "twesche.com"});
+        queryRes.cookie("_sid", split_token[2], {httpOnly: true, maxAge: 86400000, secure: true, sameSite: "None", path: '/', domain: ".twesche.com"});
         // queryRes.cookie("_sid", split_token[2], {httpOnly: true, maxAge: 86400000, path: '/', domain: "twesche.com"});
     }
 
diff --git a/routes/merchants.js b/routes/merchants.js
@@ -57,8 +57,8 @@ merchantRouter.post('/about', ensureIsMerchant, async (req, res, next) => {
         
 merchantRouter.get("/logout", async (req, res, next) => {
     try {
-        res.clearCookie('sid');
-        res.clearCookie('_sid');
+        res.clearCookie('sid', {domain: '.twesche.com'});
+        res.clearCookie('_sid', {domain: '.twesche.com'});
 
         return res.json({"message": "Logout successful."})    
     } catch (error) {
@@ -239,8 +239,8 @@ merchantRouter.delete("/delete", ensureIsMerchant, async (req, res, next) => {
             throw new ExpressError("Unable to delete target user account", 404);
         }
 
-        res.clearCookie('sid');
-        res.clearCookie('_sid');
+        res.clearCookie('sid', {domain: '.twesche.com'});
+        res.clearCookie('_sid', {domain: '.twesche.com'});
         return res.json({message: "Your account has been deleted."})
     } catch (error) {
         return next(error);
diff --git a/routes/users.js b/routes/users.js
@@ -102,8 +102,8 @@ userRouter.delete("/delete", ensureIsUser, async (req, res, next) => {
             throw new ExpressError("Unable to delete target user account", 404);
         }
 
-        res.clearCookie('sid', {domain: 'twesche.com'});
-        res.clearCookie('_sid', {domain: 'twesche.com'});
+        res.clearCookie('sid', {domain: '.twesche.com'});
+        res.clearCookie('_sid', {domain: '.twesche.com'});
         return res.json({message: "Your account has been deleted."})
     } catch (error) {
         return next(error);
@@ -119,8 +119,8 @@ userRouter.delete("/delete", ensureIsUser, async (req, res, next) => {
 
 userRouter.get("/logout", async (req, res, next) => {
     try {
-        res.clearCookie('sid', {domain: 'twesche.com'});
-        res.clearCookie('_sid', {domain: 'twesche.com'});
+        res.clearCookie('sid', {domain: '.twesche.com'});
+        res.clearCookie('_sid', {domain: '.twesche.com'});
 
         return res.json({"message": "Logout successful."})
     } catch (error) {
