Browser not deleting next-auth.session-token when signout event is defined in options.

[lucassmcardoso]

I'd be thankful for some help with regards to this weird behaviour of next-auth in my application. I'm using auth via credentials and setting a custom cookie with the value being a JWT that is both generated and used by a custom backend running express.

In order to delete this cookie on signout I'm using the signOut(...) event defined in here, in the following way:

import { cookies } from "next/headers";

...

export const authOptions = {
    ...options,
    events: {
        signOut() {
            cookies().delete("cookie");
        }
    }
}

It works, as in, it deletes the custom cookie I'm setting up on authorize(...), but it does not works when I try to delete the next-auth.session-token cookie in the same way. Although it seems to delete the next-auth.session-token cookie if I do not set the signOut(...) event in the options.

Other interesting information is that, although the cookie is not deleted the token is removed and its value become a empty string.

In the end, I would like to ask for help to discover whether I'd have to call some other build-in method together with the signOut(...) event or there's some other thing I'm overlooking. I feel like there's some part of the flow that is resetting this cookie qithout value.