SUPPORT-8942: Fix

backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java

@@ -170,7 +170,7 @@ public class EsiaAuthService {
     String prnOid = null;
     Long expiresIn = null;
     long signSecret = 0, requestAccessToken = 0, verifySecret = 0;
-    String verifyStateResult = verifyStateFromCookie(request, state);
+    String verifyStateResult = verifyStateFromCookie(request, state, response);
     if (verifyStateResult != null) {
       throw new EsiaException(verifyStateResult);
     }
@@ -486,7 +486,7 @@ public class EsiaAuthService {
     }
   }
 
-  private String verifyStateFromCookie(HttpServletRequest request, String state) {
+  private String verifyStateFromCookie(HttpServletRequest request, String state, HttpServletResponse response) {
     Cookie cookie = WebUtils.getCookie(request, PRNS_UUID);
     if (cookie == null) {
       return "State invalid. Cookie not found";
@@ -497,6 +497,7 @@ public class EsiaAuthService {
       return "State invalid. State from ESIA not equals with state before";
     }
     EsiaTokensStore.removeState(prnsUUID);
+    securityHelper.clearCookie(response, PRNS_UUID, "/");
     return null;
   }
 }

backend/src/main/java/ru/micord/ervu/security/webbpm/jwt/helper/SecurityHelper.java

@@ -48,6 +48,12 @@ public final class SecurityHelper {
     addResponseCookie(response, emptyAuthMarker);
   }
 
+  public void clearCookie(HttpServletResponse response, String name, String path) {
+    ResponseCookie emptyCookie = createCookie(name, null, path)
+        .maxAge(0).build();
+    addResponseCookie(response, emptyCookie);
+  }
+
   public void addResponseCookie(HttpServletResponse response, ResponseCookie cookie) {
     response.addHeader(HttpHeaders.SET_COOKIE, cookie.toString());
   }