From 0235a4c52b54d5c8fa12cf0d3b91c9e15b47dd75 Mon Sep 17 00:00:00 2001
From: john
Date: Tue, 20 May 2025 23:36:14 +0200
Subject: [PATCH] set cookie options when deleting a cookie?
---
 .../Sessions/HttpContextSessionExtensions.cs | 25 +++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/Femto.Api/Sessions/HttpContextSessionExtensions.cs b/Femto.Api/Sessions/HttpContextSessionExtensions.cs
index ec41df2..f8f93b9 100644
--- a/Femto.Api/Sessions/HttpContextSessionExtensions.cs
+++ b/Femto.Api/Sessions/HttpContextSessionExtensions.cs
@@ -62,7 +62,28 @@ internal static class HttpContextSessionExtensions
 public static void DeleteSession(this HttpContext httpContext)
 {
- httpContext.Response.Cookies.Delete("session");
- httpContext.Response.Cookies.Delete("user");
+ var cookieSettings = httpContext.RequestServices.GetService>();
+
+ var secure = cookieSettings?.Value.Secure ?? true;
+ var sameSite = secure ? SameSiteMode.None : SameSiteMode.Unspecified;
+ var domain = cookieSettings?.Value.Domain;
+
+ httpContext.Response.Cookies.Delete("session", new CookieOptions
+ {
+ HttpOnly = true,
+ Domain = domain,
+ IsEssential = true,
+ Secure = secure,
+ SameSite = sameSite,
+ Expires = DateTimeOffset.UtcNow.AddDays(-1),
+ });
+ httpContext.Response.Cookies.Delete("user", new CookieOptions
+ {
+ Domain = domain,
+ IsEssential = true,
+ Secure = secure,
+ SameSite = sameSite,
+ Expires = DateTimeOffset.UtcNow.AddDays(-1),
+ });
 }
 }
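Review bot: The two `CookieOptions` initializers in `DeleteSession` repeat attributes that have to match whatever the cookies were issued with, and nothing in the hunk ties them to the code that sets `session` and `user` (that code is outside the hunk). A browser only drops a cookie when the name, Domain and Path of the expiring Set-Cookie match the stored one, so if the two sides drift apart, logout would leave the session cookie in the browser without any error. I would build the options in one private helper shared by the set and delete paths, or at least add `// Domain/Secure/SameSite must mirror the options used when these cookies are set, otherwise the browser keeps them` above the first `Delete` call. The `Expires = DateTimeOffset.UtcNow.AddDays(-1)` lines look redundant, since `IResponseCookies.Delete(key, options)` writes its own past expiry as far as I know; worth confirming and dropping them.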