I have a django res application that sets a http only cookie on login. I also have a log out view that will remove this cookie.
class LogoutAPI(APIView):
def post(self, request):
response = Response(request)
if request.COOKIES.get("refresh_token") is not None:
response.delete_cookie("refresh_token")
response.data = {
"details": "successfully logged out"
}
else:
response.data = {
"details": "user already logged out"
}
response.status_code = status.HTTP_208_ALREADY_REPORTED
return response
My django app is running on 127.0.0.1:8000.
The cookie is deleted as expected if I use 127.0.0.1:3000 to view my react app, but does not delete if use localhost:3000
Why is this?
for reference, this is how my cookie is set (both 127 and localhost receive this in the browser cookies correctly)
response.set_cookie("refresh_token", str(refresh), httponly=True, expires=expire, samesite="None", secure=True)