I'm working on my Django website, and I can't delete the JWT auth cookie upon logout. Here's my code for the logout view:
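@api_view(['GET'])
def LogoutUser(request):
    """Log the caller out by expiring the ``jwt_token`` cookie.

    Returns a 200 response whose Set-Cookie header expires ``jwt_token``.

    NOTE(review): this only removes the cookie from the browser. Nothing
    here revokes the access or refresh token on the server, so a copy of
    either token stays usable until it expires unless it is invalidated
    elsewhere.
    NOTE(review): logout is a state-changing action served on GET; a
    cross-site link can trigger it. Consider accepting POST only.
    """
    response = Response("logging out", status=status.HTTP_200_OK)
    # The expiring Set-Cookie should carry the same path and SameSite value
    # the cookie was created with. Without samesite, the header goes out with
    # no SameSite/Secure attributes; when the cookie was set as SameSite=None
    # with Secure, browsers can refuse that header and keep the cookie. That
    # is a likely cause of "works under runserver, not in the container" when
    # the two environments use different JWT_SAMESITE / JWT_SECURE settings.
    # Needs a Django release whose delete_cookie() accepts ``samesite``.
    response.delete_cookie("jwt_token", path="/", samesite=settings.JWT_SAMESITE)
    return response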
It's supposed to delete the jwt_token cookie, which is the auth cookie holding the JWT, but for some reason it only works in my development environment (runserver), not when it's running inside a Docker container.
I tried setting a cookie with the same name but changing the expiry to 0, but that doesn't work.
Here's the function that sets the cookie:
def GetNewTokenPairResponse(new_refresh_token):
    """Build the response that hands a fresh token pair to the client.

    The response body is the serialized user with ``password`` removed.
    The access and refresh tokens are JSON-encoded together into the
    single ``jwt_token`` cookie.

    Args:
        new_refresh_token: refresh token object exposing ``access_token``.

    Returns:
        A 200 ``Response`` carrying the user data and the ``jwt_token`` cookie.
    """
    access = new_refresh_token.access_token
    # Verify the access token (HS256, SECRET_KEY) and read the user id claim.
    claims = jwt.decode(str(access), settings.SECRET_KEY, algorithms=["HS256"])
    account = User.objects.get(pk=claims["user_id"])

    payload = UserSerializer(account).data
    # Keep the password field out of the response body.
    # NOTE(review): this relies on the serializer always emitting "password";
    # excluding the field in the serializer itself would be less fragile.
    payload.pop("password")

    cookie_value = json.dumps(
        {
            "access_token": str(access),
            "refresh_token": str(new_refresh_token),
        }
    )

    response = Response(payload, status=status.HTTP_200_OK)
    # Cookie flags come from settings, so they can differ per environment.
    # Whatever expires this cookie later has to use the same path and
    # SameSite value, or the browser may keep it.
    # NOTE(review): confirm production runs with JWT_HTTPONLY and JWT_SECURE
    # enabled; the refresh token travels in this cookie on every request
    # under "/".
    response.set_cookie(
        "jwt_token",
        cookie_value,
        httponly=settings.JWT_HTTPONLY,
        secure=settings.JWT_SECURE,
        samesite=settings.JWT_SAMESITE,
        max_age=settings.JWT_COOKIE_MAX_AGE,
        path="/",
    )
    return response
You can log out simply like this:
@api_view(['GET'])
def LogoutUser(request):
    """Log out by deleting the ``auth_token`` object of ``request.user``.

    Returns an empty 200 response.
    """
    # Removing the stored token forces the client to log in again.
    # NOTE(review): looks like this expects DRF token authentication, where
    # the user has a related ``auth_token`` row. Confirm before using it with
    # JWTs. No cookie is cleared here, so a ``jwt_token`` cookie would stay in
    # the browser.
    token = request.user.auth_token
    token.delete()
    return Response(status=status.HTTP_200_OK)