Merge pull request #3976 from darwin808/fix/expire-cookie-path-domain

Author: ReneWerner87

ctx_test.go

@@ -1404,7 +1404,7 @@ func Test_Ctx_Cookie_Invalid(t *testing.T) {
 		{Name: "i", Value: "b", Domain: "2001:db8::1"},                                // ipv6 not allowed
 		{Name: "p", Value: "b", Path: "\x00"},                                         // invalid path byte
 		{Name: "e", Value: "b", Expires: time.Date(1500, 1, 1, 0, 0, 0, 0, time.UTC)}, // invalid expires
-		{Name: "s", Value: "b", Partitioned: true},                                    // partitioned but not secure
+		// Note: Partitioned without Secure is auto-fixed (Secure=true set automatically per CHIPS spec)
 	}
 
 	for _, invalid := range cases {

docs/api/ctx.md

@@ -2088,8 +2088,7 @@ app.Get("/set", func(c fiber.Ctx) error {
 app.Get("/delete", func(c fiber.Ctx) error {
     c.Cookie(&fiber.Cookie{
         Name:     "token",
-        // Set expiry date to the past
-        Expires:  time.Now().Add(-(time.Hour * 2)),
+        Expires:  fasthttp.CookieExpireDelete, // Use fasthttp's built-in constant
         HTTPOnly: true,
         SameSite: "Lax",
     })
@@ -2098,6 +2097,22 @@ app.Get("/delete", func(c fiber.Ctx) error {
 })
 ```
 
+You can also use `c.Cookie()` to expire cookies with specific `Path` or `Domain` attributes:
+
+```go title="Example"
+app.Get("/logout", func(c fiber.Ctx) error {
+    // Expire a cookie with path and domain
+    c.Cookie(&fiber.Cookie{
+        Name:    "token",
+        Path:    "/api",
+        Domain:  "example.com",
+        Expires: fasthttp.CookieExpireDelete,
+    })
+
+    return c.SendStatus(fiber.StatusOK)
+})
+```
+
 ### Cookie
 
 Sets a cookie.

res.go

@@ -249,6 +249,11 @@ func (r *DefaultRes) Cookie(cookie *Cookie) {
 		sameSite = http.SameSiteLaxMode
 	}
 
+	// Partitioned requires Secure=true per CHIPS spec
+	if cookie.Partitioned {
+		cookie.Secure = true
+	}
+
 	// create/validate cookie using net/http
 	hc := &http.Cookie{
 		Name:        cookie.Name,