docs: update known issues for Redirect URI and authorization callback URL in Authentik and GitHub configurations

fix: enhance session cookie deletion logic with dynamic domain handling

documentation/docs/configuration/social_auth/authentik.md

@@ -15,11 +15,6 @@ To enable Authentik as an identity provider, the administrator must first config
 1. Log in to Authentik and navigate to the `Providers` page and create a new provider.
 2. Select `OAuth2/OpenID Provider` as the provider type.
 3. Name it `AdventureLog` or any other name you prefer.
-
-::: warning
-Known issue: The `Redirect URI` should use `http` even if your site uses `https`. This is a known issue with AdventureLog and will be fixed in a future release.
-:::
-
 4. Set the `Redirect URI` of type `Regex` to `^http://<adventurelog-server-url>/accounts/oidc/.*$` where `<adventurelog-url>` is the URL of your AdventureLog Server service.
 5. Copy the `Client ID` and `Client Secret` generated by Authentik, you will need these to configure AdventureLog.
 6. Create an application in Authentik and assign the provider to it, name the `slug` `adventurelog` or any other name you prefer.

documentation/docs/configuration/social_auth/github.md

@@ -15,11 +15,6 @@ To enable GitHub as an identity provider, the administrator must first configure
    - Application Name: `AdventureLog` or any other name you prefer.
    - Homepage URL: `<adventurelog-frontend-url>` where `<adventurelog-frontend-url>` is the URL of your AdventureLog Frontend service.
    - Application Description: `AdventureLog` or any other description you prefer.
-
-   ::: warning
-   Known issue: The uthorization callback URL should use `http` even if your site uses `https`. This is a known issue with AdventureLog and will be fixed in a future release.
-   :::
-
    - Authorization callback URL: `http://<adventurelog-backend-url>/accounts/github/login/callback/` where `<adventurelog-backend-url>` is the URL of your AdventureLog Backend service.
    - If you want the logo, you can find it [here](https://adventurelog.app/adventurelog.png).
 

frontend/src/routes/+page.server.ts

@@ -3,6 +3,7 @@ import { redirect, type Actions } from '@sveltejs/kit';
 import { themes } from '$lib';
 import { fetchCSRFToken } from '$lib/index.server';
 import type { PageServerLoad } from './$types';
+import { log } from 'console';
 
 const serverEndpoint = PUBLIC_SERVER_URL || 'http://localhost:8000';
 
@@ -41,8 +42,33 @@ export const actions: Actions = {
 			},
 			credentials: 'include'
 		});
-		if (res.status == 401) {
-			event.cookies.delete('sessionid', { path: '/', secure: event.url.protocol === 'https:' });
+
+		// Determine the proper cookie domain
+		const hostname = event.url.hostname;
+		const domainParts = hostname.split('.');
+		let cookieDomain: string | undefined = undefined;
+
+		if (domainParts.length > 2) {
+			// For subdomains like app.mydomain.com -> .mydomain.com
+			cookieDomain = '.' + domainParts.slice(-2).join('.');
+		} else if (domainParts.length === 2) {
+			// For root domains like mydomain.com -> .mydomain.com
+			cookieDomain = '.' + hostname;
+		} else {
+			// For localhost or single-part domains (e.g., "localhost")
+			cookieDomain = undefined; // Do not set the domain
+		}
+
+		console.log('Deleting sessionid cookie with domain:', cookieDomain);
+
+		// Delete the session cookie
+		event.cookies.delete('sessionid', {
+			path: '/',
+			secure: event.url.protocol === 'https:',
+			domain: cookieDomain
+		});
+
+		if (res.status === 401) {
 			return redirect(302, '/login');
 		} else {
 			return redirect(302, '/');