Clear refresh token cookie during logout to enforce full session termination

Co-Authored-By: Codex <codex@openai.com>
2026-03-08 19:25:53 +08:00
parent cf45a43a37
commit b53f58cb0c
2 changed files with 7 additions and 0 deletions
--- a/src/stores/login.ts
+++ b/src/stores/login.ts
@@ -106,6 +106,7 @@ export const useLoginStore = defineStore("loginStore", {
     */
    logOut() {
      deleteCookie("luciaToken");
+      deleteCookie("luciaRefreshToken");

      this.isLoggedIn = false;
      deleteCookie("isLuciaLoggedIn");
--- a/tests/stores/login.test.js
+++ b/tests/stores/login.test.js
@@ -163,6 +163,12 @@ describe("loginStore", () => {
      expect(store.isLoggedIn).toBe(false);
      expect(store.$router.push).toHaveBeenCalledWith("/login");
    });
+
+    it("clears refresh token cookie on logout", () => {
+      document.cookie = "luciaRefreshToken=refresh-token";
+      store.logOut();
+      expect(document.cookie).not.toContain("luciaRefreshToken=");
+    });
  });

  describe("getUserData", () => {