Fix logout to clear both legacy and shared domain cookies

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 17:38:14 +00:00
parent 1d463352a7
commit 82cb1cf711
3 changed files with 62 additions and 50 deletions
--- a/server.py
+++ b/server.py
@@ -451,7 +451,10 @@ async def ui_register_submit(request: Request):
 async def logout():
    """Handle logout - clear cookie and redirect to home."""
    response = RedirectResponse(url="/", status_code=302)
-    response.delete_cookie("auth_token", domain=COOKIE_DOMAIN)
+    # Delete both legacy (no domain) and new (shared domain) cookies
+    response.delete_cookie("auth_token")
+    if COOKIE_DOMAIN:
+        response.delete_cookie("auth_token", domain=COOKIE_DOMAIN)
    return response