From ce8dbbc436ada8b152a1a1c61944a70f836ac12a Mon Sep 17 00:00:00 2001
From: Marco
Date: Thu, 19 Oct 2017 20:19:19 +0200
Subject: [PATCH] Delete 'remember me' cookies from previous major versions as well
---
 src/Auth.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/src/Auth.php b/src/Auth.php
index dd9e987..44019e4 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -470,6 +470,27 @@ final class Auth extends UserManager {
 if ($result === false) {
 throw new HeadersAlreadySentError();
 }
+
+ // if we've been deleting the cookie above
+ if (!isset($selector) || !isset($token)) {
+ // attempt to delete a potential old cookie from versions v1.x.x to v6.x.x as well
+
+ $cookie = new Cookie('auth_remember');
+
+ if (!empty($params['path'])) {
+ $cookie->setPath($params['path']);
+ }
+
+ if (!empty($params['domain'])) {
+ $cookie->setDomain($params['domain']);
+ }
+
+ $cookie->setHttpOnly($params['httponly']);
+ $cookie->setSecureOnly($params['secure']);
+
+ // delete the instance (requests a cookie to be written on the client)
+ $cookie->delete();
+ }
 }
 
 /**
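Review bot: The legacy `auth_remember` deletion added at the end of this method only takes effect if the browser holds that cookie under the same path and domain as `$params`, and nothing in the hunk confirms that releases v1.x.x to v6.x.x scoped it that way; where the scope differs, the old 'remember me' cookie stays on the client after logout. Clearing it is also client-side only, so any server-side record backing a legacy token still needs to be invalidated elsewhere; whether that happens is not visible here, since the method starts outside the hunk. I would add a comment above `$cookie->delete();` such as `// best effort: only clears a legacy cookie scoped to the same path/domain; the server-side token must be invalidated separately`. The return value of `delete()` is also discarded while the primary write above throws on `$result === false`, so either check it the same way or say in the comment that ignoring it is intentional.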