From b403a01ced4457a3da6f2335e1bff03af143cd38 Mon Sep 17 00:00:00 2001
From: Debatty-Tom <145542891+Debatty-Tom@users.noreply.github.com>
Date: Fri, 10 Oct 2025 16:18:49 +0200
Subject: [PATCH] Remove all cookies if reset action

---
 src/Http/Controllers/ResetController.php | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/Http/Controllers/ResetController.php b/src/Http/Controllers/ResetController.php
index 47121ca..b79dc53 100644
--- a/src/Http/Controllers/ResetController.php
+++ b/src/Http/Controllers/ResetController.php
@@ -2,6 +2,7 @@
 
 namespace Whitecube\LaravelCookieConsent\Http\Controllers;
 
+use Illuminate\Support\Facades\Cookie;
 use Whitecube\LaravelCookieConsent\CookiesManager;
 use Illuminate\Http\Request;
 
@@ -9,7 +10,14 @@ class ResetController
 {
     public function __invoke(Request $request, CookiesManager $cookies)
     {
-        $response = ! $request->expectsJson()
+        $exclude = ['XSRF-TOKEN', 'laravel-session'];
+
+        $keys = array_filter(
+            array_keys($request->cookies->all()),
+            fn($key) => !in_array($key, $exclude, true)
+        );
+
+        $response = !$request->expectsJson()
             ? redirect()->back()
             : response()->json([
                 'status' => 'ok',
@@ -17,9 +25,13 @@ public function __invoke(Request $request, CookiesManager $cookies)
                 'notice' => $cookies->getNoticeMarkup(),
             ]);
 
-        return $response->withoutCookie(
-            cookie: config('cookieconsent.cookie.name'),
-            domain: config('cookieconsent.cookie.domain'),
-        );
+        foreach ($keys as $key) {
+            $response->withoutCookie(
+                cookie: $key,
+                domain: config('cookieconsent.cookie.domain'),
+            );
+        }
+
+        return $response;
     }
 }