deleteSession API removes browser's cookieFallback

[RedLeeder]

🐛 Bug Report

Using .account.deleteSession('[SESSION_ID]') with SESSION_ID that is not the current one results in the session with SESSION_ID being removed (expected behavior) but also somehow removes the browser's Local Storage cookieFallback value (which makes the browser think the current session is destroyed, even though the session is still alive on appwrite).

Have you spent some time to check if this issue has been raised before?

Yep.

To Reproduce

1. Pass SessionID value (that is not the current one) to the following function

async function deleteSession(id) {
    try {
      await api.deleteSession(id);
      props.notify('Session Removed', 'success');
      await getSessions(); // Refreshes the session list (but gets the 401 response due to cookieFallback being empty)
    } catch (e) {
      setError("Error: " + e.toString().replace('AppwriteException: ', ''));
    }
  }

2. Which calls the following API command

deleteSession: (id) => {
  return api.provider().account.deleteSession(id);
},

Expected behavior

Session with Session ID is destroyed.

Actual Behavior

Session with Session ID is destroyed (Good) and cookieFallback value is deleted (Bad)

Before API

After API

Your Environment

React/Nodejs Implementation
Self Hosted Appwrite installation via Docker

[RedLeeder]

So looks like this fix will be implemented in a future version? Thanks for the prompt response/fix implementation!

[eldadfux]

I would keep this open until the release is actually out.

[eldadfux]

This is now fixed and available as part of Appwrite 0.9:
https://dev.to/appwrite/announcing-appwrite-0-9-the-open-source-firebase-alternative-53ho 🥳 🎉