Add Secure and SameSite=Lax flags to all cookie operations

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 07:51:14 +08:00
parent 64832bb5f9
commit 954b41b555
5 changed files with 84 additions and 24 deletions


@@ -1,7 +1,7 @@
import { defineStore } from "pinia";
import axios from 'axios';
import apiError from '@/module/apiError.js';
import { deleteCookie, setCookie, getCookie } from "../utils/cookieUtil";
import { deleteCookie, setCookie, setCookieWithoutExpiration, getCookie } from "../utils/cookieUtil";
export default defineStore('loginStore', {
// data, methods, computed
@@ -37,8 +37,8 @@ export default defineStore('loginStore', {
const accessToken = response.data.access_token;
const refresh_token = response.data.refresh_token;
// 將 token 儲存在 cookie
document.cookie = `luciaToken=${accessToken}`;
document.cookie = `luciaRefreshToken=${refresh_token};expires=${new Date(this.expired)};`;
setCookieWithoutExpiration("luciaToken", accessToken);
setCookie("luciaRefreshToken", refresh_token, Math.ceil((this.expired - Date.now()) / (24 * 60 * 60 * 1000)));
this.isLoggedIn = true;
setCookie("isLuciaLoggedIn", "true");
@@ -76,8 +76,8 @@ export default defineStore('loginStore', {
const newAccessToken = response.data.access_token;
const newRefreshToken = response.data.refresh_token;
document.cookie = `luciaToken=${newAccessToken}`;
document.cookie = `luciaRefreshToken=${newRefreshToken};expires=${new Date(this.expired)}`;
setCookieWithoutExpiration("luciaToken", newAccessToken);
setCookie("luciaRefreshToken", newRefreshToken, Math.ceil((this.expired - Date.now()) / (24 * 60 * 60 * 1000)));
axios.defaults.headers.common['Authorization'] = `Bearer ${newAccessToken}`;
}
@@ -92,7 +92,7 @@ export default defineStore('loginStore', {
*/
logOut() {
delete axios.defaults.headers.common["Authorization"];
document.cookie = 'luciaToken=; expires=Thu, 01 Jan 1970 00:00:00 UTC;';
deleteCookie("luciaToken");
this.isLoggedIn = false;
deleteCookie("isLuciaLoggedIn");
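Review bot: The refresh-token lifetime passed to `setCookie` in the login hunk, and again in the refresh hunk, is `Math.ceil((this.expired - Date.now()) / (24 * 60 * 60 * 1000))`, which rounds up to whole days (presumably the unit `setCookie` expects), so the cookie can outlive the token's stated expiry by up to a day. It also evaluates to NaN if `this.expired` is a date string rather than a millisecond timestamp; the removed code wrapped it in `new Date(...)`, so its type is not evident from these hunks. I would normalise first, e.g. `const msLeft = new Date(this.expired).getTime() - Date.now();`, and skip the write when the result is non-finite or not positive; how `setCookie` handles such values is in cookieUtil, outside this section. The expression is duplicated in both places and would be better in one helper, though both action bodies begin outside the visible hunks. A short comment beside these calls should also record that cookies written from script cannot be HttpOnly, so Secure and SameSite=Lax do not stop other script on the origin from reading the tokens.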