From b53f58cb0ce662cb7d4ad0c6f219b7dd4b7fb507 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E4=BE=9D=E7=91=AA=E8=B2=93?= <imacat@mail.imacat.idv.tw>
Date: Sun, 8 Mar 2026 19:25:53 +0800
Subject: [PATCH] Clear refresh token cookie during logout to enforce full
 session termination

Co-Authored-By: Codex <codex@openai.com>
---
 src/stores/login.ts        | 1 +
 tests/stores/login.test.js | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/src/stores/login.ts b/src/stores/login.ts
index c85d460..8e235b9 100644
--- a/src/stores/login.ts
+++ b/src/stores/login.ts
@@ -106,6 +106,7 @@ export const useLoginStore = defineStore("loginStore", {
      */
     logOut() {
       deleteCookie("luciaToken");
+      deleteCookie("luciaRefreshToken");
 
       this.isLoggedIn = false;
       deleteCookie("isLuciaLoggedIn");
diff --git a/tests/stores/login.test.js b/tests/stores/login.test.js
index 87bd233..491566e 100644
--- a/tests/stores/login.test.js
+++ b/tests/stores/login.test.js
@@ -163,6 +163,12 @@ describe("loginStore", () => {
       expect(store.isLoggedIn).toBe(false);
       expect(store.$router.push).toHaveBeenCalledWith("/login");
     });
+
+    it("clears refresh token cookie on logout", () => {
+      document.cookie = "luciaRefreshToken=refresh-token";
+      store.logOut();
+      expect(document.cookie).not.toContain("luciaRefreshToken=");
+    });
   });
 
   describe("getUserData", () => {