Cookie doesn't get removed if using topLevelDomain #66

Open
louiszuckerman opened this issue Jul 26, 2017 · 2 comments · May be fixed by #67

Comments

louiszuckerman commented Jul 26, 2017

Looks like `$cookies.remove()` needs to be called with the domain when a domain is used on `$cookies.put()`.

Using Angular 1.5.11 and angular-jwt-auth 4.0.13.

Tested on Chrome & Firefox, latest versions, on macOS Sierra.

After logging out the cookie hangs around until it expires. Even when logging in as a new user, the old cookie remains until it expires and gets refreshed.

louiszuckerman added a commit to louiszuckerman/angular-jwt-auth that referenced this issue Jul 26, 2017
add tests to fail removing cookie with domain
louiszuckerman added a commit to louiszuckerman/angular-jwt-auth that referenced this issue Jul 26, 2017
add code to properly remove cookie with domain, making tests pass
@louiszuckerman louiszuckerman linked a pull request Jul 26, 2017 that will close this issue

louiszuckerman commented Jul 28, 2017

Found another issue with cookie management using top level domain: the cookie doesn't get refreshed.

When first saving the cookie, with top level domain, we try saving it with domain name parts, adding from right to left. So, the first attempt to save the cookie uses domain `com`, which fails the `while` condition, then another attempt is made with the next domain part, `example.com`, which succeeds because this matches the domain of the browser document. All is well so far.

The problem happens when we try to refresh the cookie. We go through the `do` block, but we try again with `com` in the cookie domain, so the browser refuses to save this cookie. Then we check to see if the cookie exists, by name only, which is true, because we saved a cookie before with the same name -- but this is not our new refreshed cookie.

As a result, a new cookie won't be stored until the existing cookie expires, when there's no longer a cookie by that name.

louiszuckerman added a commit to louiszuckerman/angular-jwt-auth that referenced this issue Jul 28, 2017
fix saving new cookie after token refresh
update readme

louiszuckerman commented Jul 28, 2017

I added a commit to the PR to remember the discovered top level domain. One known limitation with this approach is that if the SPA is reloaded then the remembered value will be lost, and we won't be able to save the cookie until it expires, like before.

Considering a fix for this by checking if cookie is enabled && no cookie exists (by name) in the refresh timer check; if the condition is true, then trigger a token refresh.

louiszuckerman added a commit to louiszuckerman/angular-jwt-auth that referenced this issue Jul 28, 2017
refresh token if cookie is enabled but missing
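
The save, refresh and logout behaviour described in the comments above, modelled as an added example (not code from angular-jwt-auth or the linked pull request). `CookieJar`, `saveOnTopLevelDomain`, the host `app.example.com`, the cookie name `jwt` and the token values are all constructed for illustration; the jar only approximates browser rules.

```javascript
// Constructed model of a browser cookie jar, keyed by (name, domain). A Domain that is
// a bare public suffix ("com") or does not cover the page host is silently ignored.
class CookieJar {
  constructor(host, publicSuffixes) {
    this.host = host;
    this.suffixes = publicSuffixes;
    this.store = new Map();
  }
  put(name, value, domain) {
    const d = domain || this.host; // no Domain attribute: host-only cookie
    const coversHost = this.host === d || this.host.endsWith('.' + d);
    if (this.suffixes.includes(d) || !coversHost) return;
    this.store.set(name + '|' + d, value);
  }
  remove(name, domain) {
    this.store.delete(name + '|' + (domain || this.host));
  }
  get(name) { // like document.cookie: the domain is not visible to script
    for (const [key, value] of this.store) {
      if (key.split('|')[0] === name) return value;
    }
  }
}

// Hypothetical helper: try "com", then "example.com", ... until a cookie with this
// name exists. Passing the domain remembered from an earlier save skips discovery.
function saveOnTopLevelDomain(jar, name, value, remembered) {
  if (remembered) { jar.put(name, value, remembered); return remembered; }
  const parts = jar.host.split('.');
  for (let i = parts.length - 1; i >= 0; i--) {
    const domain = parts.slice(i).join('.');
    jar.put(name, value, domain);
    if (jar.get(name) !== undefined) return domain; // name-only check
  }
  return null;
}

function demo() {
  const jar = new CookieJar('app.example.com', ['com']);
  const first = saveOnTopLevelDomain(jar, 'jwt', 'token-1');
  const blind = saveOnTopLevelDomain(jar, 'jwt', 'token-2'); // "com" looks accepted
  const stale = jar.get('jwt');
  jar.remove('jwt'); // logout without the domain: nothing matches
  const afterLogout = jar.get('jwt');
  saveOnTopLevelDomain(jar, 'jwt', 'token-2', first); // refresh with remembered domain
  const refreshed = jar.get('jwt');
  jar.remove('jwt', first); // logout with the domain used on put
  return { first, blind, stale, afterLogout, refreshed, gone: jar.get('jwt') };
}
```

In this model `afterLogout` still holds the first token, which is the security-relevant part of the report: the JWT cookie survives logout until it expires.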