From f76e5db9bce4ba1715a344c7c94bcb81d80ab494 Mon Sep 17 00:00:00 2001 From: MarwanRadwan7 Date: Thu, 18 Jul 2024 12:48:03 +0300 Subject: [PATCH 1/2] Fix cart items after user logs out --- .../pages/frontStore/customerLogoutJson/logout.js | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/packages/evershop/src/modules/customer/pages/frontStore/customerLogoutJson/logout.js b/packages/evershop/src/modules/customer/pages/frontStore/customerLogoutJson/logout.js index 37a1d7298..8d28da02d 100644 --- a/packages/evershop/src/modules/customer/pages/frontStore/customerLogoutJson/logout.js +++ b/packages/evershop/src/modules/customer/pages/frontStore/customerLogoutJson/logout.js @@ -1,3 +1,4 @@ +const { warning } = require('@evershop/evershop/src/lib/log/logger'); const { INTERNAL_SERVER_ERROR, OK @@ -20,6 +21,18 @@ module.exports = (request, response, delegate, next) => { response.$body = { data: {} }; + // When a logged in user is logging out + // Delete the cookie/session and the website + // Will generate another session automatically + request.session.destroy((err) => { + if (err) { + // log if an error + warning( + `error in deleting session. sid:${request.session.id}, cartId:${request.session.cartID}, customerId:${request.session.customerID}` + ); + } + response.clearCookie('sid'); + }); next(); } }); From 18f5019a7d92de2e5f56541574e2d4460df0c273 Mon Sep 17 00:00:00 2001 From: MarwanRadwan7 Date: Thu, 18 Jul 2024 12:48:51 +0300 Subject: [PATCH 2/2] Fix production cookie settings --- packages/evershop/bin/lib/addDefaultMiddlewareFuncs.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/evershop/bin/lib/addDefaultMiddlewareFuncs.js b/packages/evershop/bin/lib/addDefaultMiddlewareFuncs.js index 75f8ac940..aa4f7d466 100644 --- a/packages/evershop/bin/lib/addDefaultMiddlewareFuncs.js +++ b/packages/evershop/bin/lib/addDefaultMiddlewareFuncs.js 
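Review bot: `next()` is called synchronously right after `request.session.destroy(...)`, so downstream middleware can commit the response before the destroy callback runs `response.clearCookie('sid')`; at that point the Set-Cookie header is either lost or `clearCookie` throws because headers are already sent, and since it throws inside a store callback nothing catches it. The error branch has a similar problem: if the session middleware is express-session (the `session({` call in the second patch suggests so), `destroy()` deletes `req.session` before the store callback fires, so `request.session.id` in the warning would throw a TypeError instead of logging, and the message also omits `err` itself. Capture the identifiers before destroying, include the error in the log, and call `next()` from inside the callback so the cookie is cleared before the response goes out. The enclosing `module.exports` handler starts before this hunk.
```javascript
      // Read the ids now: express-session drops req.session before the store callback runs.
      const { id: sid, cartID, customerID } = request.session;
      request.session.destroy((err) => {
        if (err) {
          warning(
            `error in deleting session. sid:${sid}, cartId:${cartID}, customerId:${customerID}, error:${err.message}`
          );
        }
        // Clear the cookie before the response is committed; a new session is created on the next request.
        if (!response.headersSent) {
          response.clearCookie('sid');
        }
        next();
      });
```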
@@ -86,7 +86,8 @@ exports.addDefaultMiddlewareFuncs = function addDefaultMiddlewareFuncs( if (isProductionMode()) { app.set('trust proxy', 1); - sess.cookie.secure = false; + sess.cookie.secure = true; // HTTPS + sess.cookie.sameSite = 'strict'; // Prevent CSRF attacks } const adminSessionMiddleware = session({
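Review bot: `sess.cookie.sameSite = 'strict'` withholds the session cookie on any top-level navigation that arrives from another site, which for a storefront includes the redirect back from an off-site payment or OAuth provider; if this store uses such flows, the returning customer lands without their session and cart. `'lax'` still blocks the cross-site subrequests and form POSTs that CSRF relies on while sending the cookie on top-level GET navigations, so `sess.cookie.sameSite = 'lax'; // cross-site subrequests blocked; top-level redirects back to the store keep the session` is the usual setting for a session cookie. The trailing comment also overstates what SameSite gives you: it is a defence in depth, and state-changing endpoints still need their own CSRF protection, so I would word it `// defence-in-depth against CSRF; not a substitute for per-request tokens`. Whether `sess` is also the base for the admin session created on the next line is not visible here; if it is, the same trade-off applies to the admin cookie. The enclosing `addDefaultMiddlewareFuncs` function starts before and ends after this hunk.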