Description
Versions:
inertiajs/vue3 2.0.6
Describe the problem:
If Inertia is used across multiple subdomains, clearHistory (both the PHP and JS calls) only clears the history of the next subdomain hit. While not a bug, it might not be expected by developers, and could expose information unintentionally if you are expecting logout to clear the history for the whole site.
Steps to reproduce:
Create an app that loads from multiple subdomains, browse from one domain to the next, and call clear history. On navigating back to the previous domain, the history is maintained.
Proposed Solution
I am happy to submit a PR if this is ok, but I need some guidance on where to put it in the JS code.
I have a solution proposal: on load of the application we set a UUID in a cookie and in sessionStorage. On future loads, if the value in sessionStorage doesn't match the cookie, we call clearHistory and set sessionStorage equal to the cookie value.
Currently I have it in the setup function in inertia.ts. I would also need to replace import.meta.env.VITE_APP_DOMAIN with something else.
```ts
import { createInertiaApp, router } from '@inertiajs/vue3';
import { v4 as uuidv4 } from 'uuid';
import { useCookies } from 'vue3-cookies';
// ....
const { cookies } = useCookies();
// Marker cookie shared by every subdomain of VITE_APP_DOMAIN.
const inrtCookie = cookies.get('_inrt');
if (!inrtCookie) {
    // No marker yet: create one, mirror it into this origin's sessionStorage
    // and clear this origin's history.
    const newCookie = uuidv4();
    cookies.set('_inrt', newCookie, 0, '/', '.' + import.meta.env.VITE_APP_DOMAIN);
    sessionStorage.setItem('_inrt', newCookie);
    router.clearHistory();
} else {
    // Marker exists: if this origin's copy differs, the history is stale.
    const sessionCookie = sessionStorage.getItem('_inrt');
    if (sessionCookie !== inrtCookie) {
        router.clearHistory();
        sessionStorage.setItem('_inrt', inrtCookie);
    }
}
```

Then in the Inertia::clearHistory function we would call forget on '_inrt'.
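
The proposal above, modelled as an added example (not code from the issue or from Inertia): each origin keeps its own sessionStorage and history, while the `_inrt` cookie is shared across subdomains. The `createBrowser` helper, the `example.test` origins and the page paths are hypothetical, and a counter stands in for `uuidv4()`.

```javascript
// Constructed model: per-origin sessionStorage and history, plus one cookie
// scoped to the parent domain and therefore visible to every subdomain.
function createBrowser() {
  const sharedCookies = new Map();  // stands in for a cookie on the parent domain
  const origins = new Map();        // origin -> { session, history }
  let generation = 0;               // stand-in for uuidv4()
  const originState = (origin) => {
    if (!origins.has(origin)) origins.set(origin, { session: new Map(), history: [] });
    return origins.get(origin);
  };
  return {
    // Page load on one subdomain: runs the marker check from the proposal.
    load(origin, page) {
      const state = originState(origin);
      let marker = sharedCookies.get('_inrt');
      if (!marker) {
        marker = 'marker-' + (++generation);
        sharedCookies.set('_inrt', marker);
      }
      if (state.session.get('_inrt') !== marker) {
        state.history.length = 0;   // stands in for router.clearHistory()
        state.session.set('_inrt', marker);
      }
      state.history.push(page);
    },
    // Server-side clearHistory as proposed: forget the shared cookie.
    serverClearHistory() { sharedCookies.delete('_inrt'); },
    historyOf: (origin) => [...originState(origin).history],
  };
}

function demo() {
  const app = 'https://app.example.test';
  const billing = 'https://billing.example.test';
  const b = createBrowser();
  b.load(app, '/account');
  b.load(billing, '/invoices');
  b.serverClearHistory();           // e.g. logout handled on one subdomain
  b.load(billing, '/login');        // next subdomain hit: cleared on load
  const billingAfter = b.historyOf(billing);
  const appBefore = b.historyOf(app);   // not revisited yet: still holds old entries
  b.load(app, '/login');            // first load after logout: cleared now
  const appAfter = b.historyOf(app);
  return { billingAfter, appBefore, appAfter };
}
```

In this model a subdomain's history is only cleared the next time that subdomain loads and runs the check; until then its old entries remain.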