From 773c35ebc320ae7ba2f6a300f490b7eb6df1f705 Mon Sep 17 00:00:00 2001
From: Tom Moor
Date: Thu, 5 Oct 2023 22:10:07 -0400
Subject: [PATCH] fix: Correctly clear accessToken when logging out. Token is correctly rotated on the server, it just isnt correctly removed on the client. closes #5940
---
 server/routes/api/auth/auth.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/routes/api/auth/auth.ts b/server/routes/api/auth/auth.ts
index 2bd993413..952f10401 100644
--- a/server/routes/api/auth/auth.ts
+++ b/server/routes/api/auth/auth.ts
@@ -2,7 +2,7 @@ import { subHours, subMinutes } from "date-fns";
 import Router from "koa-router";
 import uniqBy from "lodash/uniqBy";
 import { TeamPreference } from "@shared/types";
-import { getCookieDomain, parseDomain } from "@shared/utils/domains";
+import { parseDomain } from "@shared/utils/domains";
 import env from "@server/env";
 import auth from "@server/middlewares/authentication";
 import { transaction } from "@server/middlewares/transaction";
@@ -180,8 +180,8 @@ router.post(
 );
 ctx.cookies.set("accessToken", "", {
+ sameSite: "lax",
 expires: subMinutes(new Date(), 1),
- domain: getCookieDomain(ctx.hostname, env.isCloudHosted),
 });
 ctx.body = {
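Review bot: The expiring `ctx.cookies.set("accessToken", "", …)` call in the second hunk only removes the browser's cookie when its Domain and Path scope matches the scope used where `accessToken` is issued, and nothing at this call site records that coupling. The issuing code is outside the hunk, so I cannot confirm the two agree; if they drift again, logout will silently leave the token in the browser, which is the failure this commit fixes. I would add a comment above the call such as `// Must mirror the Domain/Path used when accessToken is set, otherwise the browser keeps the original cookie`, or better, share one options constant between the set and clear sites. Browsers that still hold a cookie written with an explicit `domain` (presumably possible on older cloud-hosted sessions) would not be cleared by this host-only expiry; server-side rotation limits that to a stale value, but it is worth confirming. The handler passed to `router.post(` starts and ends outside the hunk.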