Signout on Auth

Describe your feature request
So you know how you can sign in to a website using Repl Auth? Well, you can’t really sign out. I want a function or something that allows you to sign out. Right now, all you can do is delete the REPL_AUTH cookie, and that’s not very professional or good in general if you want users to come back to your site. You can’t just expire the cookie in the frontend because it’s a server cookie.

What problem(s) would this feature solve?
It’s a shame to have started something but not quite finished it. This feature request would allow people to use Replit Authentication better. AFAIK this should be a semi-easy fix or at least, a necessary one.

Explain what you were trying to do when you came across the problem leading to this feature request

I wanted to know how to delete a cookie in JS until I realized that the cookie was a server one. I realized how weird it is that Replit provided a way to sign in but not out, because that’s like finishing the job partway. A lot of people use Repl Auth and have probably encountered a problem like mine.

5 Likes

Is this for the forum or custom sites that use Replit Auth?

2 Likes

Sites that use Replit Auth

4 Likes

It would also allow for easier testing, instead of opening an incognito tab or something.

3 Likes

Just wondering: why isn’t this professional? Users won’t know or care if the cookie is cleared from the server side vs the client side

Edit: I made a quick example of signout with repl auth (it’s not that hard):

https://replit.com/@GrimSteel/ReplAuthSignout

4 Likes

This quirk means that basically you have to sign in, and you’re not allowed to sign out until the website signs you out (because the cookie expires). Also, I mean it’s not professional to have to delete the cookie yourself (you have to press on the lock in the URL bar, and go to site settings) just to sign out.

4 Likes

The majority of websites I’ve seen include buttons/links for the user to sign out

1 Like

It should be included WITH Repl Auth, it makes more sense to have both together.

3 Likes

@804kn maybe add this to your auth remake

1 Like

@GrimSteel this doesn’t seem to actually be working anymore :frowning:

. . .document.cookie="". . . ?

Am I missing something here

works for me, may be your device

That doesn’t work, idk much about cookies but I don’t think reg js in the browser can delete serverside/backend(don’t know the name) cookies

3 Likes

Yes - I think they’re called “HTTP Only” cookies

2 Likes