I'm working on my Django website, and I can't delete the JWT auth cookie upon logout. Here's my code for the logout view:
@api_view(['GET'])
def LogoutUser(request):
    response = Response("logging out", status=status.HTTP_200_OK)
    response.delete_cookie("jwt_token", path="/")
    return response
It's supposed to delete the jwt_token cookie, which is the JWT auth cookie with the JWT, but for some reason it only works in my development environment (runserver), not when it's running inside a Docker container.
I tried setting a cookie with the same name but changing the expiry to 0, but that doesn't work.
Here's the function that sets the cookie:
def GetNewTokenPairResponse(new_refresh_token):
    new_access_token = new_refresh_token.access_token
    user_id = jwt.decode(str(new_access_token), settings.SECRET_KEY, algorithms=["HS256"])["user_id"]
    user = User.objects.get(pk=user_id)
    user_data = UserSerializer(user).data
    user_data.pop("password")
    new_jwt_token = {
        "access_token": str(new_access_token),
        "refresh_token": str(new_refresh_token),
    }
    response = Response(user_data, status=status.HTTP_200_OK)
    response.set_cookie(
        "jwt_token",
        json.dumps(new_jwt_token),
        httponly=settings.JWT_HTTPONLY,
        secure=settings.JWT_SECURE,
        samesite=settings.JWT_SAMESITE,
        max_age=settings.JWT_COOKIE_MAX_AGE,
        path="/",
    )
    return response
asked Jan 18 at 7:34 by nikolayli, edited Jan 19 at 2:51
- So how do you map the ports locally to the docker container? Did you set the cookie through docker? If yes, can you add that logic? – willeM_ Van Onsem Commented Jan 18 at 9:02
- I expose port 8000 (gunicorn django port) to the Docker compose system, and then map port 80 of the nginx container to port 80 of the Docker compose system, so the django/gunicorn container port is only available within the Docker compose system. The cookie is set in the same file as the views.py where the code above for the Logout view. I added the code for the function that sets the cookie. – nikolayli Commented Jan 19 at 2:48
1 Answer
You can logout simply like this:
@api_view(['GET'])
def LogoutUser(request):
    # simply delete the token to force a login
    request.user.auth_token.delete()
    return Response(status=status.HTTP_200_OK)
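An added example, not code from the question or the answer: a standard-library check that compares the `Set-Cookie` header sent at login with the one sent at logout and reports attribute differences that can leave the cookie in the browser. The header strings are constructed, and the `SameSite=None` / `Secure` values assume what `JWT_SAMESITE` and `JWT_SECURE` might be in the container; the page does not show them.

```python
from http.cookies import SimpleCookie

def parse_set_cookie(header):
    """Parse one Set-Cookie header value into (name, attribute dict)."""
    jar = SimpleCookie()
    jar.load(header)
    if not jar:
        raise ValueError(f"not a parsable Set-Cookie value: {header!r}")
    name, morsel = next(iter(jar.items()))
    return name, {
        "path": morsel["path"],
        "domain": morsel["domain"].lower(),
        "secure": bool(morsel["secure"]),
        "samesite": morsel["samesite"].lower(),  # "" means attribute absent
    }

def deletion_problems(login_header, logout_header):
    """List reasons a browser may keep the login cookie after logout."""
    name, login = parse_set_cookie(login_header)
    del_name, logout = parse_set_cookie(logout_header)
    problems = []
    # A cookie is identified by name + domain + path; a difference expires
    # some other cookie and leaves the login cookie in place.
    if name != del_name:
        problems.append(f"name: {name!r} vs {del_name!r}")
    for attr in ("domain", "path"):
        if login[attr] != logout[attr]:
            problems.append(f"{attr}: {login[attr]!r} vs {logout[attr]!r}")
    # SameSite=None is only accepted together with Secure.
    if logout["samesite"] == "none" and not logout["secure"]:
        problems.append("logout sets SameSite=None without Secure")
    # Browsers that default a missing SameSite to Lax ignore such a header on
    # cross-site responses, so a SameSite=None login cookie survives there.
    if login["samesite"] == "none" and logout["samesite"] != "none":
        problems.append("login is SameSite=None but logout is not")
    return problems

# Constructed headers (assumption: JWT_SAMESITE="None", JWT_SECURE=True).
LOGIN = "jwt_token=abc; HttpOnly; Max-Age=3600; Path=/; SameSite=None; Secure"
# Shape of the header sent by delete_cookie("jwt_token", path="/").
LOGOUT_AS_POSTED = ('jwt_token=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; '
                    "Max-Age=0; Path=/")
LOGOUT_MATCHING = LOGOUT_AS_POSTED + "; SameSite=None; Secure"

if __name__ == "__main__":
    print(deletion_problems(LOGIN, LOGOUT_AS_POSTED))
    print(deletion_problems(LOGIN, LOGOUT_MATCHING))
```

On Django versions whose `delete_cookie` accepts `samesite`, the matching deletion is `response.delete_cookie("jwt_token", path="/", samesite=settings.JWT_SAMESITE)`, which also adds `Secure` when the value is `"None"`.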