I have xenforo hosted on forums.xxxxxxxx.xxx
And a regular site on www.xxxxxxxx.xxx
The cookie domain is xxxxxxxx.xxx, so that both sites share some cookies.
I am using the XF2 API to synchronize the session on forums and www via the xf_session cookie.
I want to add a "log out" link on the www site. But I will get a CSRF error because the www site does not have the CSRF token.
Is it enough for me to just delete the xf_session cookie, to log the user out of both forums and www?
And a regular site on www.xxxxxxxx.xxx
The cookie domain is xxxxxxxx.xxx, so that both sites share some cookies.
I am using the XF2 API to synchronize the session on forums and www via the xf_session cookie.
I want to add a "log out" link on the www site. But I will get a CSRF error because the www site does not have the CSRF token.
Is it enough for me to just delete the xf_session cookie, to log the user out of both forums and www?
