Add Secure and SameSite=Lax flags to all cookie operations
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -4,6 +4,7 @@ import pinia from '@/stores/main.ts';
|
||||
import {useToast} from 'vue-toast-notification';
|
||||
import 'vue-toast-notification/dist/theme-sugar.css';
|
||||
import axios from "axios";
|
||||
import { deleteCookie } from "@/utils/cookieUtil.js";
|
||||
|
||||
const loading = loadingStore(pinia);
|
||||
const $toast = useToast();
|
||||
@@ -19,7 +20,7 @@ const delay = (s = 0) => new Promise((resolve, reject) => setTimeout(resolve, s
|
||||
export default async function apiError(error, toastMessage) {
|
||||
if(error.request?.status === 401) {
|
||||
delete axios.defaults.headers.common["Authorization"];
|
||||
document.cookie = 'luciaToken=; expires=Thu, 01 Jan 1970 00:00:00 UTC;';
|
||||
deleteCookie("luciaToken");
|
||||
return router.push('/login');
|
||||
}
|
||||
await delay();
|
||||
|
||||
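Review bot: `deleteCookie("luciaToken")` expires the cookie with `path=/` (the helper's default, visible in the cookieUtil hunk), but luciaToken is written by `setCookieWithoutExpiration`, which sends no path attribute, so the browser files it under the default path derived from the current URL. On any route below a sub-directory the two cookies have different (name, path) keys and the access token survives the 401 handler; the removed line had no path either, so set and delete previously agreed, and the same mismatch now exists in `logOut` in the loginStore hunk. The simplest fix is to give the setter an explicit path in cookieUtil: `document.cookie = name + "=" + (value || "") + "; path=/; Secure; SameSite=Lax";`, so that set and delete target the same cookie. apiError's body continues after the hunk.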
@@ -1,7 +1,7 @@
|
||||
import { defineStore } from "pinia";
|
||||
import axios from 'axios';
|
||||
import apiError from '@/module/apiError.js';
|
||||
import { deleteCookie, setCookie, getCookie } from "../utils/cookieUtil";
|
||||
import { deleteCookie, setCookie, setCookieWithoutExpiration, getCookie } from "../utils/cookieUtil";
|
||||
|
||||
export default defineStore('loginStore', {
|
||||
// data, methods, computed
|
||||
@@ -37,8 +37,8 @@ export default defineStore('loginStore', {
|
||||
const accessToken = response.data.access_token;
|
||||
const refresh_token = response.data.refresh_token;
|
||||
// 將 token 儲存在 cookie
|
||||
document.cookie = `luciaToken=${accessToken}`;
|
||||
document.cookie = `luciaRefreshToken=${refresh_token};expires=${new Date(this.expired)};`;
|
||||
setCookieWithoutExpiration("luciaToken", accessToken);
|
||||
setCookie("luciaRefreshToken", refresh_token, Math.ceil((this.expired - Date.now()) / (24 * 60 * 60 * 1000)));
|
||||
|
||||
this.isLoggedIn = true;
|
||||
setCookie("isLuciaLoggedIn", "true");
|
||||
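Review bot: `Math.ceil((this.expired - Date.now()) / (24 * 60 * 60 * 1000))` rounds the refresh-token cookie lifetime up to a whole day, so the cookie can outlive `this.expired` by almost 24 hours, whereas the removed line used the exact timestamp. Because `setCookie` multiplies `days` back into milliseconds (`date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000))` in the cookieUtil hunk), passing the unrounded quotient keeps the server's expiry: `setCookie("luciaRefreshToken", refresh_token, (this.expired - Date.now()) / (24 * 60 * 60 * 1000));`. The same rounding appears in the refresh path later in this file. If `this.expired` can be unset or already past, the quotient is NaN or non-positive and the outcome depends on the guard in `setCookie`, which is outside the hunk; worth a comment on what is intended in that case.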
@@ -76,8 +76,8 @@ export default defineStore('loginStore', {
|
||||
const newAccessToken = response.data.access_token;
|
||||
const newRefreshToken = response.data.refresh_token;
|
||||
|
||||
document.cookie = `luciaToken=${newAccessToken}`;
|
||||
document.cookie = `luciaRefreshToken=${newRefreshToken};expires=${new Date(this.expired)}`;
|
||||
setCookieWithoutExpiration("luciaToken", newAccessToken);
|
||||
setCookie("luciaRefreshToken", newRefreshToken, Math.ceil((this.expired - Date.now()) / (24 * 60 * 60 * 1000)));
|
||||
|
||||
axios.defaults.headers.common['Authorization'] = `Bearer ${newAccessToken}`;
|
||||
}
|
||||
@@ -92,7 +92,7 @@ export default defineStore('loginStore', {
|
||||
*/
|
||||
logOut() {
|
||||
delete axios.defaults.headers.common["Authorization"];
|
||||
document.cookie = 'luciaToken=; expires=Thu, 01 Jan 1970 00:00:00 UTC;';
|
||||
deleteCookie("luciaToken");
|
||||
|
||||
this.isLoggedIn = false;
|
||||
deleteCookie("isLuciaLoggedIn");
|
||||
|
||||
@@ -19,14 +19,14 @@ export function setCookie(name, value, days=1) {
|
||||
date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
|
||||
expires = "; expires=" + date.toUTCString();
|
||||
}
|
||||
document.cookie = name + "=" + (value || "") + expires + "; path=/";
|
||||
document.cookie = name + "=" + (value || "") + expires + "; path=/; Secure; SameSite=Lax";
|
||||
}
|
||||
|
||||
export function setCookieWithoutExpiration(name, value) {
|
||||
document.cookie = name + "=" + (value || "");
|
||||
document.cookie = name + "=" + (value || "") + "; Secure; SameSite=Lax";
|
||||
}
|
||||
|
||||
export function deleteCookie(name, path = '/') {
|
||||
document.cookie = name + '=; Max-Age=-99999999; path=' + path;
|
||||
document.cookie = name + '=; Max-Age=-99999999; path=' + path + '; Secure; SameSite=Lax';
|
||||
}
|
||||
|
||||
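Review bot: Adding `Secure` unconditionally in all three functions means a browser on a plain-http origin (most browsers exempt localhost) discards the cookie silently, so a login on such a deployment appears to succeed and the token is gone on the next request; the helpers give no hint of this. Since the utilities are the single place cookies are written, a file-level comment would save the next reader a debugging session, e.g. `// Every cookie carries Secure and SameSite=Lax; on a non-https origin (other than localhost) the browser silently drops it, so these helpers only work over https.`. The cookie value is also concatenated raw; if a token could ever contain `;` or `=` it would split the attribute string, so either document that values are opaque tokens safe for cookies or wrap them in `encodeURIComponent`. `setCookie` starts before the hunk.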