Delete invalid cookies on invalid requests (!164) · Merge requests · Jamie Tanna / www-api

Jamie Tanna requested to merge feature/delete-invalid-cookies into develop Jun 29, 2020

On the case that an invalid cookie is sent (be that malice or accident) we should unset the cookie, so it can't be reused.

This has the added bonus of making it a nicer UX in the case it's an accident, especially if i.e. using mobile where it's not as straightforward to clear cookies.

Delete invalid cookies on invalid requests

Merge request reports