Open trandaison opened 2 years ago
module: 5.0.0-1624817847.21691f1 nuxt: 2.15.7
I want to set the cookie for mydomain.com and m.mydomain.com, so the value of domain option is '.mydomain.com'
mydomain.com
m.mydomain.com
'.mydomain.com'
auth: { cookie: { options: { domain: '.mydomain.com', }, }, },
n/a
When I perform logout, I cannot access secret pages, it should redirect to login page instead.
When I perform logout, it redirect to login page but after that, I still can access secret pages.
Just set the domain option as above to allow domain and its subdomains log in. Perform logout and enter any secret page.
I found that the removeUniversal function calls removeCookie function without any options. It should have passed the options object in order to set the cookie properly. https://github.dev/nuxt-community/auth-module/blob/c9880dc28f/src/schemes/local.ts
removeUniversal
removeUniversal(key: string): void { this.removeState(key) this.removeLocalStorage(key) this.removeCookie(key) } removeCookie(key: string, options?: { prefix?: string }): void { this.setCookie(key, undefined, options) }
Version
module: 5.0.0-1624817847.21691f1 nuxt: 2.15.7
Nuxt configuration
I want to set the cookie for
mydomain.com
andm.mydomain.com
, so the value of domain option is'.mydomain.com'
mode:
Reproduction
n/a
What is expected?
When I perform logout, I cannot access secret pages, it should redirect to login page instead.
What is actually happening?
When I perform logout, it redirect to login page but after that, I still can access secret pages.
Steps to reproduce
Just set the domain option as above to allow domain and its subdomains log in. Perform logout and enter any secret page.
Additional information
I found that the
removeUniversal
function calls removeCookie function without any options. It should have passed the options object in order to set the cookie properly. https://github.dev/nuxt-community/auth-module/blob/c9880dc28f/src/schemes/local.ts