Remove cookie on signout by specifying domain #278

stevenharman
Contributor

This builds on #266, but also handles the case of localhost.

As mentioned in #266 and #194, IntercomRails::ShutdownHelper.intercom_shutdown does not actually remove the cookie. Meaning folks aren't actually signed out! This happens because the intercom-session-INTERCOM_ID cookie is set with a domain value. Thus, we need to include the same value as the :domain key when removing the cookie. The Rails docs say as much.

This PR builds atop @BastienL by also handling the case of localhost correctly.

This needs attention 🔜 as it's an open security and privacy issue for all users of intercom-rails.

BastienL and others added 2 commits February 28, 2018 21:03
Adding the `domain` key to the cookie when it's either not present, or
`localhost` results in the cookie not being deleted. The code already
handled the nil case, but not the `localhost` case. This handles both.
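
The behaviour described in the PR text and commit message above, as an added Ruby example that is not code from intercom-rails: a simplified cookie jar in which an expired Set-Cookie only removes the entry that was set with the same domain. `ToyCookieJar`, `cookie_scope`, `signed_out?` and `example.com` are hypothetical names, and keying the jar on name plus Domain attribute is a simplifying assumption.

```ruby
# Added example: simplified cookie-jar model, not code from intercom-rails.
# Assumption: the jar keys cookies on name + Domain attribute (nil = host-only).
class ToyCookieJar
  def initialize
    @store = {}
  end

  # Apply one Set-Cookie. An Expires in the past removes only the entry
  # with the same name and the same Domain attribute.
  def set(name, value, domain: nil, expires: nil)
    key = [name, domain]
    if expires && expires <= Time.now
      @store.delete(key)
    else
      @store[key] = value
    end
  end

  def present?(name)
    @store.keys.any? { |stored_name, _domain| stored_name == name }
  end
end

# Hypothetical helper: cookie options for a configured domain.
# nil and 'localhost' both mean "no Domain attribute" (host-only cookie).
def cookie_scope(domain)
  return {} if domain.nil? || domain == 'localhost'
  { domain: domain }
end

# Set the session cookie for set_domain, then send a deletion with
# delete_opts. Returns true only if the cookie is really gone.
def signed_out?(set_domain, delete_opts)
  jar = ToyCookieJar.new
  name = 'intercom-session-INTERCOM_ID'
  jar.set(name, 'constructed-session-value', **cookie_scope(set_domain))
  jar.set(name, '', expires: Time.at(0), **delete_opts)
  !jar.present?(name)
end

if __FILE__ == $PROGRAM_NAME
  puts signed_out?('example.com', {})                        # deletion without domain
  puts signed_out?('example.com', cookie_scope('example.com'))
  puts signed_out?('localhost', { domain: 'localhost' })     # domain added for localhost
  puts signed_out?('localhost', cookie_scope('localhost'))
end
```
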
@SirRawlins

So, who do I got to tickle @intercom to get this merged in?

@danielhusar
Contributor

Looks great, thank you!

@danielhusar danielhusar merged commit ef29f56 into intercom:master May 22, 2018
@danielhusar
Contributor

This is now available in v0.4.0
