From ff9a1a1f55b97fc07f4e8ff6aa609ae0d9796890 Mon Sep 17 00:00:00 2001
From: d11n <mail@dennisreimann.de>
Date: Tue, 1 Feb 2022 02:42:31 +0100
Subject: [PATCH] Delete user preferences cookie on logout (#3379)

I think it is a good practice to remove those settings on logout. Otherwise they get persisted across multiple accounts, which might not be desired.
---
 BTCPayServer/Controllers/UIAccountController.cs | 1 +
 BTCPayServer/Extensions.cs                      | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/BTCPayServer/Controllers/UIAccountController.cs b/BTCPayServer/Controllers/UIAccountController.cs
index ce1526358..b58f7e2e2 100644
--- a/BTCPayServer/Controllers/UIAccountController.cs
+++ b/BTCPayServer/Controllers/UIAccountController.cs
@@ -605,6 +605,7 @@ namespace BTCPayServer.Controllers
         public async Task<IActionResult> Logout()
         {
             await _signInManager.SignOutAsync();
+            HttpContext.DeleteUserPrefsCookie();
             _logger.LogInformation("User logged out.");
             return RedirectToAction(nameof(UIHomeController.Index), "UIHome");
         }
diff --git a/BTCPayServer/Extensions.cs b/BTCPayServer/Extensions.cs
index ab911f557..a83c3986d 100644
--- a/BTCPayServer/Extensions.cs
+++ b/BTCPayServer/Extensions.cs
@@ -425,6 +425,11 @@ namespace BTCPayServer
             return prefCookie;
         }
 
+        public static void DeleteUserPrefsCookie(this HttpContext ctx)
+        {
+            ctx.Response.Cookies.Delete(nameof(UserPrefsCookie));
+        }
+
         private static void SetCurrentStoreId(this HttpContext ctx, string storeId)
         {
             var prefCookie = ctx.GetUserPrefsCookie();