imacat/lucia-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clear refresh token cookie during logout to enforce full session termination

Browse Source 
Co-Authored-By: Codex <codex@openai.com>
This commit is contained in:
依瑪貓
2026-03-08 19:25:53 +08:00
parent cf45a43a37
commit b53f58cb0c
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/stores/login.ts
View File

@@ -106,6 +106,7 @@ export const useLoginStore = defineStore("loginStore", {
*/ */
logOut() { logOut() {
deleteCookie("luciaToken"); deleteCookie("luciaToken");
deleteCookie("luciaRefreshToken");
this.isLoggedIn = false; this.isLoggedIn = false;
deleteCookie("isLuciaLoggedIn"); deleteCookie("isLuciaLoggedIn");

6
tests/stores/login.test.js
View File

@@ -163,6 +163,12 @@ describe("loginStore", () => {
expect(store.isLoggedIn).toBe(false); expect(store.isLoggedIn).toBe(false);
expect(store.$router.push).toHaveBeenCalledWith("/login"); expect(store.$router.push).toHaveBeenCalledWith("/login");
}); });
it("clears refresh token cookie on logout", () => {
document.cookie = "luciaRefreshToken=refresh-token";
store.logOut();
expect(document.cookie).not.toContain("luciaRefreshToken=");
});
}); });
describe("getUserData", () => { describe("getUserData", () => {