This is the Spring configuration. The SecureCookie class is just a factory for cookies.
public class SecureCookie extends Cookie {
    public static final String accessTokenKey = "access_token";
    public static final String refreshTokenKey = "refresh_token";

    public SecureCookie(String name, String value) {
        super(name, value);
        this.setHttpOnly(false);
        this.setPath("/");
        this.setSecure(false);
        this.setMaxAge((int) Duration.ofDays(60).toSeconds());
    }

    public static SecureCookie delete(String key) {
        SecureCookie cookie = new SecureCookie(key, null);
        cookie.setMaxAge(0);
        return cookie;
    }
}
I tried to delete the cookies with the appropriate handler, calling the deleteCookies method, but nothing works.
http.logout(logout ->
    logout
        .logoutUrl("/api/auth/logout")
        .addLogoutHandler(
            new CookieClearingLogoutHandler(
                SecureCookie.delete(SecureCookie.accessTokenKey),
                SecureCookie.delete(SecureCookie.refreshTokenKey)
            )
        )
        .logoutSuccessHandler(
            (new HttpStatusReturningLogoutSuccessHandler(HttpStatus.NO_CONTENT))
        )
        .deleteCookies(
            SecureCookie.accessTokenKey,
            SecureCookie.refreshTokenKey
        )
        .logoutSuccessUrl("http://localhost:3000")
);
I am making the request with axios; here is the code:
const res = await axios.post("http://localhost:5000/api/auth/logout", {
  withCredentials: true,
});
Credentials are included, and I am not getting any errors on the frontend. What could be the problem?
Spring works; the problem is with axios. Instead of:
const res = await axios.post("http://localhost:5000/api/auth/logout", {
  withCredentials: true,
});
the object containing withCredentials should be passed as the third argument, like this:
const res = await axios.post(
  "http://localhost:5000/api/auth/logout",
  {},
  { withCredentials: true }
);
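As an added example (not part of the original answer), here is a small guard that catches the mistake described above, where the axios config object lands in the data position of post(url, data, config). The names postWithCredentials, misplacedConfigKeys and makeRecordingClient are hypothetical, and the recording stub stands in for axios so the block runs without it.

```javascript
// Added example (not from the original post). `client` is any object with an
// axios-style post(url, data, config) method; real axios can be passed in.

// axios request-config keys that should never sit at the top level of a body.
const CONFIG_KEYS = ["withCredentials", "headers", "params", "timeout",
                     "baseURL", "auth", "responseType", "xsrfCookieName"];

// Return the config-looking keys found in a would-be request body.
function misplacedConfigKeys(data) {
  if (data === null || typeof data !== "object" || Array.isArray(data)) return [];
  return Object.keys(data).filter((k) => CONFIG_KEYS.includes(k));
}

// Hypothetical wrapper: rejects bodies that look like a config object and
// always sends credentials, so cross-origin cookies can be sent and cleared.
function postWithCredentials(client, url, data = {}, config = {}) {
  const bad = misplacedConfigKeys(data);
  if (bad.length > 0) {
    throw new TypeError(
      `axios config key(s) ${bad.join(", ")} passed as request body; ` +
      "use post(url, data, config)");
  }
  return client.post(url, data, { ...config, withCredentials: true });
}

// Constructed stub standing in for axios: records what would go on the wire.
function makeRecordingClient() {
  const calls = [];
  return {
    calls,
    post(url, data, config = {}) {
      calls.push({ url, body: JSON.stringify(data),
                   withCredentials: config.withCredentials === true });
      return Promise.resolve({ status: 204 });
    },
  };
}

// The question's call and the corrected call, run against the stub.
function demo() {
  const client = makeRecordingClient();
  const url = "http://localhost:5000/api/auth/logout";
  client.post(url, { withCredentials: true });   // as in the question
  postWithCredentials(client, url);              // guarded, corrected
  let rejected = false;
  try { postWithCredentials(client, url, { withCredentials: true }); }
  catch (e) { rejected = e instanceof TypeError; }
  return { calls: client.calls, rejected };
}
```

In the first recorded call the flag travels as the JSON body and credentials stay off, which is why the logout request reached Spring without the cookies and the browser ignored the cookie-clearing response.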