vercel/next.js

route seems to be cached despite the force-dynamic and the use of cookies

gaudiauj opened this issue · 2 comments

gaudiauj commented

Link to the code that reproduces this issue

https://github.com/gaudiauj/nextJsRedirectBug/tree/next14

To Reproduce

  1. start the application npm run dev
  2. go to the /login page and click on the login button.
  3. click on the logout button.
  4. click on the /login again.
  5. click on the logout again.

=> you can see that you have been redirect to the /login page but the customer cookies did not get deleted because the api/logout routes did not get called.

Current vs. Expected behavior

The api/logout routes doesn't get call the second time despite using cookies and having a export const dynamic = 'force-dynamic'; I expect the route to be called every time ! By redirecting directly, the cookies never get deleted and therefore the user is never really disconnected.

How do i make sure the routes is properly called ?

Provide environment information

Operating System:
  Platform: darwin
  Arch: arm64
  Version: Darwin Kernel Version 23.6.0: Wed Jul 31 20:53:05 PDT 2024; root:xnu-10063.141.1.700.5~1/RELEASE_ARM64_T8112
  Available memory (MB): 16384
  Available CPU cores: 8
Binaries:
  Node: 20.11.1
  npm: 10.2.4
  Yarn: N/A
  pnpm: N/A
Relevant Packages:
  next: 14.2.20 // An outdated version detected (latest is 15.1.0), upgrade is highly recommended!
  eslint-config-next: N/A
  react: 18.3.1
  react-dom: 18.3.1
  typescript: 5.7.2
Next.js Config:
  output: N/A
 ⚠ An outdated version detected (latest is 15.1.0), upgrade is highly recommended!
   Please try the latest canary version (`npm install next@canary`) to confirm the issue still exists before creating a new issue.
   Read more - https://nextjs.org/docs/messages/opening-an-issue

Which area(s) are affected? (Select all that apply)

Not sure, Navigation

Which stage(s) are affected? (Select all that apply)

next dev (local), next start (local), Other (Deployed)

Additional context

I tested the same repo with next 15.1 => https://github.com/gaudiauj/nextJsRedirectBug/tree/next15 And it work the way it is expected.

icyJoseph commented

Is it not the issue that the response, sent from logout, doesn't have the cookie? you have to rather, send a set-cookie header, that sets your customer cookie to a maxAge 0 and expiry date new Date(0) or something like that, I forget the exact details.

gaudiauj commented

The cookie get deleted correctly the first time. But the second time, nothing is happening. Even the console.log in the top of the function is not displayed