@faststore/core 3.96.0-dev.18 → 3.96.0-dev.19

package/.turbo/turbo-build.log

@@ -1,23 +1,23 @@
 
-> @faststore/core@3.96.0-dev.17 prebuild /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.0-dev.18 prebuild /home/runner/work/faststore/faststore/packages/core
 > na run partytown && na run generate
 
 
-> @faststore/core@3.96.0-dev.17 partytown /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.0-dev.18 partytown /home/runner/work/faststore/faststore/packages/core
 > partytown copylib ./public/~partytown
 
 Partytown lib copied to: /home/runner/work/faststore/faststore/packages/core/public/~partytown
 
-> @faststore/core@3.96.0-dev.17 generate /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.0-dev.18 generate /home/runner/work/faststore/faststore/packages/core
 > na run generate:schema && na run generate:codegen && na run format:generated
 
 
-> @faststore/core@3.96.0-dev.17 generate:schema /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.0-dev.18 generate:schema /home/runner/work/faststore/faststore/packages/core
 > tsx src/server/generator/generateGraphQLSchemaFile.ts
 
 Schema GraphQL file generated successfully
 
-> @faststore/core@3.96.0-dev.17 generate:codegen /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.0-dev.18 generate:codegen /home/runner/work/faststore/faststore/packages/core
 > graphql-codegen
 
 [STARTED] Parse Configuration
@@ -37,11 +37,11 @@ Running lifecycle hook "afterStart" scripts...
 [CLI] Loading Documents
 [CLI] Generating output
 
-> @faststore/core@3.96.0-dev.17 format:generated /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.0-dev.18 format:generated /home/runner/work/faststore/faststore/packages/core
 > prettier --write "@generated/**/*.{ts,js,tsx,jsx,json}" --loglevel error
 
 
-> @faststore/core@3.96.0-dev.17 build /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.0-dev.18 build /home/runner/work/faststore/faststore/packages/core
 > next build
 
 ⚠ No build cache found. Please configure build caching for faster rebuilds. Read more: https://nextjs.org/docs/messages/no-cache
@@ -58,7 +58,7 @@ Browserslist: caniuse-lite is outdated. Please run:
    Creating an optimized production build ...
    Disabled SWC as replacement for Babel because of custom Babel configuration ".babelrc.js" https://nextjs.org/docs/messages/swc-disabled
    Using external babel configuration from /home/runner/work/faststore/faststore/packages/core/.babelrc.js
-Browserslist: browsers data (caniuse-lite) is 11 months old. Please run:
+Browserslist: browsers data (caniuse-lite) is 12 months old. Please run:
   npx update-browserslist-db@latest
   Why you should do it regularly: https://github.com/browserslist/update-db#readme
 <w> [webpack.cache.PackFileCacheStrategy] Skipped not serializable cache item 'Compilation/modules|/home/runner/work/faststore/faststore/node_modules/.pnpm/next@13.5.11_@babel+core@7.26.7_@opentelemetry+api@1.4.1_react-dom@18.3.1_react@18.3.1__react@18.3.1_sass@1.83.4/node_modules/next/dist/build/webpack/loaders/css-loader/src/index.js??ruleSet[1].rules[7].oneOf[9].use[1]!/home/runner/work/faststore/faststore/node_modules/.pnpm/next@13.5.11_@babel+core@7.26.7_@opentelemetry+api@1.4.1_react-dom@18.3.1_react@18.3.1__react@18.3.1_sass@1.83.4/node_modules/next/dist/build/webpack/loaders/postcss-loader/src/index.js??ruleSet[1].rules[7].oneOf[9].use[2]!/home/runner/work/faststore/faststore/node_modules/.pnpm/next@13.5.11_@babel+core@7.26.7_@opentelemetry+api@1.4.1_react-dom@18.3.1_react@18.3.1__react@18.3.1_sass@1.83.4/node_modules/next/dist/build/webpack/loaders/resolve-url-loader/index.js??ruleSet[1].rules[7].oneOf[9].use[3]!/home/runner/work/faststore/faststore/node_modules/.pnpm/next@13.5.11_@babel+core@7.26.7_@opentelemetry+api@1.4.1_react-dom@18.3.1_react@18.3.1__react@18.3.1_sass@1.83.4/node_modules/next/dist/compiled/sass-loader/cjs.js??ruleSet[1].rules[7].oneOf[9].use[4]!/home/runner/work/faststore/faststore/packages/core/src/components/common/Toast/section.module.scss': No serializer registered for Warning
@@ -91,39 +91,40 @@ Route (pages)                              Size     First Load JS
 ┌ ● /                                      7.39 kB         147 kB
 ├   └ css/02259c549b2179f2.css             3.1 kB
 ├   /_app                                  0 B             108 kB
-├ ● /[...slug]                             2.55 kB         157 kB
-├ ● /[slug]/p                              98.1 kB         237 kB
+├ ● /[...slug]                             2.55 kB         158 kB
+├ ● /[slug]/p                              98.1 kB         238 kB
 ├   └ css/a6a4ebbe01adbbad.css             22.2 kB
-├ ○ /404                                   1.57 kB         141 kB
-├ ● /500                                   1.57 kB         141 kB
+├ ○ /404                                   1.57 kB         142 kB
+├ ● /500                                   1.57 kB         142 kB
+├ λ /api/fs/logout                         0 B             108 kB
 ├ λ /api/graphql                           0 B             108 kB
 ├ λ /api/health/live                       0 B             108 kB
 ├ λ /api/health/ready                      0 B             108 kB
 ├ λ /api/preview                           0 B             108 kB
-├ ● /checkout                              749 B           140 kB
-├ ● /login                                 1.7 kB          141 kB
+├ ● /checkout                              749 B           141 kB
+├ ● /login                                 1.7 kB          142 kB
 ├ λ /pvt/account                           247 B           108 kB
 ├ ● /pvt/account/[...unknown]              287 B           109 kB
-├ λ /pvt/account/403                       2.98 kB         142 kB
+├ λ /pvt/account/403                       2.98 kB         143 kB
 ├   └ css/0fae3d432331aae9.css             4.68 kB
 ├ λ /pvt/account/404                       2.18 kB         142 kB
 ├   └ css/0fc6b2ff69142c6a.css             4.74 kB
-├ λ /pvt/account/orders                    9.78 kB         149 kB
+├ λ /pvt/account/orders                    9.78 kB         150 kB
 ├   └ css/40a294d0a24ad01d.css             14.1 kB
-├ λ /pvt/account/orders/[id]               12.1 kB         151 kB
+├ λ /pvt/account/orders/[id]               12.1 kB         152 kB
 ├   └ css/5eecefd2c6deeee4.css             13.3 kB
-├ λ /pvt/account/profile                   1.98 kB         141 kB
+├ λ /pvt/account/profile                   1.98 kB         142 kB
 ├   └ css/47f1b4e8de15d314.css             4.42 kB
-├ λ /pvt/account/security                  3.96 kB         143 kB
+├ λ /pvt/account/security                  3.96 kB         144 kB
 ├   └ css/973dd40d4773e8cd.css             5.74 kB
-├ λ /pvt/account/user-details              1.91 kB         141 kB
+├ λ /pvt/account/user-details              1.91 kB         142 kB
 ├   └ css/05c399956ff24b77.css             4.54 kB
 └ ● /s                                     3.36 kB         158 kB
 + First Load JS shared by all              112 kB
   ├ chunks/framework-d514426edf885c68.js   45.4 kB
   ├ chunks/main-ec03882c4375091d.js        33.2 kB
   ├ chunks/pages/_app-35b56c71ba4f9a54.js  25.8 kB
-  ├ chunks/webpack-237c97ab0eda7441.js     3.85 kB
+  ├ chunks/webpack-7a3373ab044e72a1.js     3.85 kB
   └ css/0f070d03aacd9cc5.css               3.57 kB
 
 λ  (Server)  server-side renders at runtime (uses getInitialProps or getServerSideProps)

package/.turbo/turbo-test.log

@@ -1,15 +1,17 @@
 
-> @faststore/core@3.96.0-dev.17 test /home/runner/work/faststore/faststore/packages/core
+> @faststore/core@3.96.0-dev.18 test /home/runner/work/faststore/faststore/packages/core
 > jest
 
-PASS test/utils/multipleTemplates.test.ts (25.029 s)
+PASS test/utils/multipleTemplates.test.ts (28.172 s)
+PASS test/utils/clearCookies.test.ts (26.854 s)
 PASS test/server/cms/global.test.ts
-PASS test/utils/cookieCacheBusting.test.ts (24.88 s)
+PASS test/utils/cookieCacheBusting.test.ts
 PASS test/server/cms/index.test.ts
-PASS test/server/index.test.ts (28.994 s)
+PASS test/server/index.test.ts (31.932 s)
+A worker process has failed to exit gracefully and has been force exited. This is likely caused by tests leaking due to improper teardown. Try running with --detectOpenHandles to find leaks. Active timers can also cause this, ensure that .unref() was called on them.
 
-Test Suites: 5 passed, 5 total
-Tests:       27 passed, 27 total
+Test Suites: 6 passed, 6 total
+Tests:       47 passed, 47 total
 Snapshots:   0 total
-Time:        30.044 s
+Time:        33.242 s
 Ran all test suites.

package/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.96.0-dev.19](https://github.com/vtex/faststore/compare/v3.96.0-dev.18...v3.96.0-dev.19) (2026-01-08)
+
+### Features
+
+- logout clear storage ([#3163](https://github.com/vtex/faststore/issues/3163)) ([1fbacc3](https://github.com/vtex/faststore/commit/1fbacc3b3e32b4f83a2f56c1f97eb0f8ff843f61))
+
 # 3.96.0-dev.18 (2025-12-24)
 
 **Note:** Version bump only for package @faststore/core

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@faststore/core",
-  "version": "3.96.0-dev.18",
+  "version": "3.96.0-dev.19",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -123,5 +123,5 @@
     "ts-jest": "29.1.1",
     "typescript": "5.3.2"
   },
-  "gitHead": "9542c229e2e447e1e3c2fdc38162bef78c7cc707"
+  "gitHead": "f0c386389af326e23b23cc9813f0821585df9723"
 }

package/src/components/account/MyAccountDrawer/OrganizationDrawer/OrganizationDrawer.tsx

@@ -1,6 +1,12 @@
 import { SlideOver, useFadeEffect } from '@faststore/ui'
 
 import { useSession } from 'src/sdk/session'
+import {
+  expireCookieClient,
+  getCookieDomains,
+  getCookiePaths,
+  getVtexCookieNames,
+} from 'src/utils/clearCookies'
 import storeConfig from '../../../../../discovery.config'
 import { ProfileSummary } from '../ProfileSummary/ProfileSummary'
 import { OrganizationDrawerBody } from './OrganizationDrawerBody'
@@ -13,11 +19,105 @@ type OrganizationDrawerProps = {
   isRepresentative: boolean
 }
 
-export const doLogout = () => {
+const clearBrowserStorageForCurrentDomain = async () => {
+  if (typeof window === 'undefined' || !storeConfig) return
+
+  // Clear Faststore-specific sessionStorage keys
+  try {
+    const sessionStorageKeys = [
+      'faststore_session_ready',
+      'faststore_auth_cookie_value',
+      'faststore_cache_bust_last_value',
+    ]
+
+    for (const key of sessionStorageKeys) {
+      try {
+        window.sessionStorage?.removeItem(key)
+      } catch {}
+    }
+
+    // Remove all keys starting with __fs_gallery_page_ (used for PLP pagination)
+    try {
+      const keysToRemove: string[] = []
+      for (let i = 0; i < window.sessionStorage.length; i++) {
+        const key = window.sessionStorage.key(i)
+        if (key && key.startsWith('__fs_gallery_page_')) {
+          keysToRemove.push(key)
+        }
+      }
+      for (const key of keysToRemove) {
+        try {
+          window.sessionStorage.removeItem(key)
+        } catch {}
+      }
+    } catch {}
+  } catch {}
+
+  // Clear all cookies containing 'vtex' in the name (case-insensitive)
+  try {
+    const hostname = window.location.hostname
+    const secure = window.location.protocol === 'https:'
+
+    // Extract all cookie names from document.cookie
+    const allCookieNames = document.cookie
+      .split(';')
+      .map((c) => c.trim())
+      .filter(Boolean)
+      .map((c) => c.split('=')[0])
+      .filter(Boolean)
+
+    const vtexCookieNames = getVtexCookieNames(allCookieNames)
+    const paths = getCookiePaths(window.location.pathname || '/')
+    const domains = getCookieDomains(hostname)
+
+    for (const name of vtexCookieNames) {
+      for (const path of paths) {
+        for (const domain of domains) {
+          try {
+            expireCookieClient({ name, path, domain, secure })
+          } catch {}
+        }
+      }
+    }
+  } catch {}
+
+  // Clear IndexedDB (keyval-store)
+  try {
+    if (!('indexedDB' in window)) return
+
+    const idb = window.indexedDB
+    if (!idb) return
+
+    await new Promise<void>((resolve) => {
+      const req = idb.deleteDatabase('keyval-store')
+      req.onsuccess = () => resolve()
+      req.onerror = () => resolve()
+      req.onblocked = () => resolve()
+    })
+  } catch {}
+}
+
+export const doLogout = async (_event?: unknown) => {
   if (!storeConfig) return
-  window.location.assign(
-    `${storeConfig.secureSubdomain}/api/vtexid/pub/logout?scope=${storeConfig.api.storeId}&returnUrl=${storeConfig.storeUrl}`
-  )
+
+  try {
+    // Clear client-side storage (sessionStorage, localStorage, IndexedDB, non-HttpOnly cookies)
+    await clearBrowserStorageForCurrentDomain()
+
+    // Clear HttpOnly cookies via API endpoint (server-side)
+    try {
+      await fetch('/api/fs/logout', {
+        method: 'POST',
+        credentials: 'include',
+      })
+    } catch {
+      // Continue even if API call fails
+    }
+  } finally {
+    window.location.assign(
+      `${storeConfig.secureSubdomain}/api/vtexid/pub/logout?scope=${storeConfig.api.storeId}&returnUrl=${storeConfig.storeUrl}`
+    )
+  }
 }
 
 export const OrganizationDrawer = ({

package/src/pages/api/fs/logout.ts

@@ -0,0 +1,76 @@
+import { parse } from 'cookie'
+import type { NextApiHandler, NextApiRequest, NextApiResponse } from 'next'
+
+import discoveryConfig from 'discovery.config'
+import {
+  expireCookieServer,
+  getCookieDomains,
+  getVtexCookieNames,
+} from 'src/utils/clearCookies'
+
+const ADDITIONAL_COOKIES = ['CheckoutOrderFormOwnership'] as const
+
+/**
+ * Clears all cookies containing 'vtex' in the name (case-insensitive) + ADDITIONAL_COOKIES
+ * This endpoint handles HttpOnly cookies that cannot be cleared via JavaScript
+ */
+const handler: NextApiHandler = async (
+  request: NextApiRequest,
+  response: NextApiResponse
+) => {
+  if (request.method !== 'POST') {
+    response.status(405).end()
+    return
+  }
+
+  try {
+    const hostname = request.headers.host?.split(':')[0] ?? ''
+    const cookies = parse(request.headers.cookie ?? '')
+    const domains = getCookieDomains(hostname)
+    const clearedCookies: string[] = []
+
+    const vtexCookieNames = getVtexCookieNames(Object.keys(cookies))
+
+    // Clear vid_rt cookie with specific path (only if refreshToken is enabled)
+    if (discoveryConfig.experimental?.refreshToken && cookies.vid_rt) {
+      for (const domain of domains) {
+        const clearedCookie = expireCookieServer({
+          name: 'vid_rt',
+          path: '/api/vtexid/refreshtoken/webstore',
+          domain,
+        })
+        clearedCookies.push(clearedCookie)
+      }
+    }
+
+    // Clear other cookies with path /
+    const otherCookieNames = [
+      ...vtexCookieNames,
+      ...ADDITIONAL_COOKIES.filter((name) => cookies[name]),
+    ]
+
+    for (const cookieName of otherCookieNames) {
+      for (const domain of domains) {
+        const clearedCookie = expireCookieServer({
+          name: cookieName,
+          path: '/',
+          domain,
+        })
+        clearedCookies.push(clearedCookie)
+      }
+    }
+
+    if (clearedCookies.length > 0) {
+      response.setHeader('set-cookie', clearedCookies)
+    }
+
+    response.status(200).json({ success: true })
+  } catch (error) {
+    console.error('Error clearing cookies:', error)
+    response
+      .status(500)
+      .json({ success: false, error: 'Failed to clear cookies' })
+  }
+}
+
+export default handler

package/src/utils/clearCookies.ts

@@ -0,0 +1,79 @@
+type ExpireCookieClientParams = {
+  name: string
+  path: string
+  domain?: string
+  secure?: boolean
+}
+
+type ExpireCookieServerParams = {
+  name: string
+  path: string
+  domain?: string
+}
+
+/**
+ * Client-side: Expires a cookie by setting it to expire in the past
+ */
+export const expireCookieClient = ({
+  name,
+  path,
+  domain,
+  secure = false,
+}: ExpireCookieClientParams): void => {
+  const domainAttr = domain ? `; domain=${domain}` : ''
+  const secureAttr = secure ? '; secure' : ''
+  document.cookie = `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; max-age=0; path=${path}${domainAttr}; samesite=lax${secureAttr}`
+}
+
+/**
+ * Server-side: Generates a Set-Cookie header string to expire a cookie
+ */
+export const expireCookieServer = ({
+  name,
+  path,
+  domain,
+}: ExpireCookieServerParams): string => {
+  const domainAttr = domain ? `; domain=${domain}` : ''
+  return `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; max-age=0; path=${path}${domainAttr}; samesite=lax; httponly`
+}
+
+/**
+ * Utility functions for clearing cookies
+ * Shared logic between client-side and server-side cookie clearing
+ */
+
+/**
+ * Generates domain variations for cookie clearing
+ * Tries multiple domain combinations to ensure cookies are cleared regardless of how they were set
+ */
+export const getCookieDomains = (
+  hostname: string
+): Array<string | undefined> => [
+  undefined, // host-only cookie
+  hostname,
+  hostname.startsWith('.') ? hostname : `.${hostname}`,
+]
+
+/**
+ * Filters cookie names that contain 'vtex' (case-insensitive)
+ */
+export const getVtexCookieNames = (cookieNames: string[]): string[] => {
+  return cookieNames.filter((name) => name.toLowerCase().includes('vtex'))
+}
+
+/**
+ * Generates paths to try when clearing cookies
+ * Includes root path and all parent paths from current pathname
+ */
+export const getCookiePaths = (pathname: string): string[] => {
+  const paths: string[] = ['/']
+  const pathParts = pathname.split('/').filter(Boolean)
+
+  let current = ''
+  for (const part of pathParts) {
+    current += `/${part}`
+    if (!paths.includes(current)) paths.push(current)
+  }
+
+  return paths
+}

package/test/utils/clearCookies.test.ts

@@ -0,0 +1,232 @@
+/**
+ * @jest-environment jsdom
+ */
+
+import {
+  expireCookieClient,
+  expireCookieServer,
+  getCookieDomains,
+  getCookiePaths,
+  getVtexCookieNames,
+} from '../../src/utils/clearCookies'
+
+describe('clearCookies', () => {
+  beforeEach(() => {
+    // Clear all cookies before each test
+    document.cookie.split(';').forEach((cookie) => {
+      const name = cookie.split('=')[0].trim()
+      document.cookie = `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/`
+    })
+  })
+
+  describe('getCookieDomains', () => {
+    it('should return domain variations for a hostname', () => {
+      const hostname = 'example.com'
+      const domains = getCookieDomains(hostname)
+
+      expect(domains).toEqual([undefined, 'example.com', '.example.com'])
+    })
+
+    it('should handle hostname that already starts with dot', () => {
+      const hostname = '.example.com'
+      const domains = getCookieDomains(hostname)
+
+      expect(domains).toEqual([undefined, '.example.com', '.example.com'])
+    })
+
+    it('should handle localhost', () => {
+      const hostname = 'localhost'
+      const domains = getCookieDomains(hostname)
+
+      expect(domains).toEqual([undefined, 'localhost', '.localhost'])
+    })
+  })
+
+  describe('getVtexCookieNames', () => {
+    it('should filter cookies containing "vtex" (case-insensitive)', () => {
+      const cookieNames = [
+        'vtex-search-anonymous',
+        'VtexIdclientAutCookie_store',
+        'other-cookie',
+        'VTEX_SESSION',
+        'vtex_segment',
+      ]
+
+      const result = getVtexCookieNames(cookieNames)
+
+      expect(result).toEqual([
+        'vtex-search-anonymous',
+        'VtexIdclientAutCookie_store',
+        'VTEX_SESSION',
+        'vtex_segment',
+      ])
+    })
+
+    it('should return empty array when no vtex cookies found', () => {
+      const cookieNames = ['other-cookie', 'another-cookie']
+
+      const result = getVtexCookieNames(cookieNames)
+
+      expect(result).toEqual([])
+    })
+
+    it('should handle empty array', () => {
+      const result = getVtexCookieNames([])
+
+      expect(result).toEqual([])
+    })
+  })
+
+  describe('getCookiePaths', () => {
+    it('should return root path for empty pathname', () => {
+      const paths = getCookiePaths('')
+
+      expect(paths).toEqual(['/'])
+    })
+
+    it('should return root path for root pathname', () => {
+      const paths = getCookiePaths('/')
+
+      expect(paths).toEqual(['/'])
+    })
+
+    it('should return paths for nested pathname', () => {
+      const paths = getCookiePaths('/api/vtexid/logout')
+
+      expect(paths).toEqual(['/', '/api', '/api/vtexid', '/api/vtexid/logout'])
+    })
+
+    it('should handle pathname without leading slash', () => {
+      const paths = getCookiePaths('api/vtexid')
+
+      expect(paths).toEqual(['/', '/api', '/api/vtexid'])
+    })
+
+    it('should handle single segment pathname', () => {
+      const paths = getCookiePaths('/api')
+
+      expect(paths).toEqual(['/', '/api'])
+    })
+  })
+
+  describe('expireCookieClient', () => {
+    it('should expire a cookie with default parameters', () => {
+      // Set a cookie first
+      document.cookie = 'test-cookie=value; path=/'
+
+      expireCookieClient({ name: 'test-cookie', path: '/' })
+
+      expect(document.cookie).not.toContain('test-cookie=value')
+    })
+
+    it('should expire a cookie with domain', () => {
+      document.cookie = 'test-cookie=value; path=/; domain=.example.com'
+
+      expireCookieClient({
+        name: 'test-cookie',
+        path: '/',
+        domain: '.example.com',
+      })
+
+      // Note: We can't easily verify domain-specific cookies in jsdom,
+      // but we can verify the function doesn't throw
+      expect(() => {
+        expireCookieClient({
+          name: 'test-cookie',
+          path: '/',
+          domain: '.example.com',
+        })
+      }).not.toThrow()
+    })
+
+    it('should expire a cookie with secure flag', () => {
+      document.cookie = 'secure-cookie=value; path=/; secure'
+
+      expireCookieClient({
+        name: 'secure-cookie',
+        path: '/',
+        secure: true,
+      })
+
+      expect(() => {
+        expireCookieClient({
+          name: 'secure-cookie',
+          path: '/',
+          secure: true,
+        })
+      }).not.toThrow()
+    })
+
+    it('should expire a cookie with all parameters', () => {
+      expireCookieClient({
+        name: 'full-cookie',
+        path: '/api',
+        domain: '.example.com',
+        secure: true,
+      })
+
+      expect(() => {
+        expireCookieClient({
+          name: 'full-cookie',
+          path: '/api',
+          domain: '.example.com',
+          secure: true,
+        })
+      }).not.toThrow()
+    })
+  })
+
+  describe('expireCookieServer', () => {
+    it('should generate Set-Cookie header string for basic cookie', () => {
+      const result = expireCookieServer({ name: 'test-cookie', path: '/' })
+
+      expect(result).toContain('test-cookie=')
+      expect(result).toContain('expires=Thu, 01 Jan 1970 00:00:00 GMT')
+      expect(result).toContain('max-age=0')
+      expect(result).toContain('path=/')
+      expect(result).toContain('samesite=lax')
+      expect(result).toContain('httponly')
+    })
+
+    it('should generate Set-Cookie header string with domain', () => {
+      const result = expireCookieServer({
+        name: 'test-cookie',
+        path: '/',
+        domain: '.example.com',
+      })
+
+      expect(result).toContain('test-cookie=')
+      expect(result).toContain('domain=.example.com')
+      expect(result).toContain('path=/')
+      expect(result).toContain('httponly')
+    })
+
+    it('should generate Set-Cookie header string without domain when undefined', () => {
+      const result = expireCookieServer({
+        name: 'test-cookie',
+        path: '/',
+        domain: undefined,
+      })
+
+      expect(result).toContain('test-cookie=')
+      expect(result).not.toContain('domain=')
+      expect(result).toContain('path=/')
+    })
+
+    it('should generate Set-Cookie header string for specific path', () => {
+      const result = expireCookieServer({
+        name: 'vid_rt',
+        path: '/api/vtexid/refreshtoken/webstore',
+      })
+
+      expect(result).toContain('vid_rt=')
+      expect(result).toContain('path=/api/vtexid/refreshtoken/webstore')
+    })
+
+    it('should always include httponly flag', () => {
+      const result = expireCookieServer({ name: 'test-cookie', path: '/' })
+
+      expect(result).toContain('httponly')
+    })
+  })
+})