fix: evita refrescar cookie durante /api/logout y limpia cookie

Co-authored-by: aider (openrouter/openai/gpt-5) <aider@aider.chat>
webui
brobert 3 weeks ago
parent da025326b5
commit 5637c90d2d

@ -9,6 +9,7 @@ function toIsoSql(d: Date): string {
export const handle: Handle = async ({ event, resolve }) => { export const handle: Handle = async ({ event, resolve }) => {
// Sesión por cookie 'sid' // Sesión por cookie 'sid'
const isLogout = event.url.pathname === '/api/logout' || event.url.pathname.startsWith('/api/logout/');
const sid = event.cookies.get('sid'); const sid = event.cookies.get('sid');
if (sid) { if (sid) {
try { try {
@ -48,17 +49,19 @@ export const handle: Handle = async ({ event, resolve }) => {
} catch {} } catch {}
} }
// Refrescar cookie (idle) // Refrescar cookie (idle) excepto durante /api/logout
event.cookies.set('sid', sid, { if (!isLogout) {
path: '/', event.cookies.set('sid', sid, {
httpOnly: true, path: '/',
sameSite: 'lax', httpOnly: true,
secure: isProd(), sameSite: 'lax',
maxAge: Math.floor(sessionIdleTtlMs / 1000) secure: isProd(),
}); maxAge: Math.floor(sessionIdleTtlMs / 1000)
});
}
} else { } else {
// Sesión inválida/expirada // Sesión inválida/expirada
event.cookies.delete('sid', { path: '/' }); event.cookies.delete('sid', { path: '/', httpOnly: true, sameSite: 'lax', secure: isProd() });
} }
} catch { } catch {
// En caso de error de DB, no romper la request; continuar sin sesión // En caso de error de DB, no romper la request; continuar sin sesión
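Review bot: The `sid` cookie attributes are now written out by hand in three places — the refresh `set` at the top of this hunk, the `delete` for an invalid session a few lines below it, and the `delete` in the logout endpoint (the `-22,7 +23,7` hunk of the second file) — so the attribute drift this commit repairs can reappear the next time one of them is edited. Defining them once, e.g. `export const SID_COOKIE = { path: '/', httpOnly: true, sameSite: 'lax' as const } as const;` next to `isProd` and using `{ ...SID_COOKIE, secure: isProd(), maxAge: Math.floor(sessionIdleTtlMs / 1000) }` for the set and `{ ...SID_COOKIE, secure: isProd() }` for the deletes would keep the three call sites in lockstep. The `isLogout` guard keys only on `event.url.pathname`, so a non-POST request to `/api/logout` also skips the refresh; that is harmless but worth a note in the comment on the `isLogout` line. The body of `handle` starts before and ends after this hunk.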

@ -1,6 +1,7 @@
import type { RequestHandler } from './$types'; import type { RequestHandler } from './$types';
import { getDb } from '$lib/server/db'; import { getDb } from '$lib/server/db';
import { sha256Hex } from '$lib/server/crypto'; import { sha256Hex } from '$lib/server/crypto';
import { isProd } from '$lib/server/env';
export const POST: RequestHandler = async (event) => { export const POST: RequestHandler = async (event) => {
const sid = event.cookies.get('sid'); const sid = event.cookies.get('sid');
@ -22,7 +23,7 @@ export const POST: RequestHandler = async (event) => {
// Ignorar errores de DB en logout // Ignorar errores de DB en logout
} }
} }
// Limpiar cookie // Limpiar cookie (asegurar mismos atributos que al crearla)
event.cookies.delete('sid', { path: '/' }); event.cookies.delete('sid', { path: '/', httpOnly: true, sameSite: 'lax', secure: isProd() });
return new Response(null, { status: 204 }); return new Response(null, { status: 204 });
}; };
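Review bot: The new comment above the `delete` ("asegurar mismos atributos que al crearla") overstates what the browser needs: a cookie is replaced or expired when its name, domain and path match, so `path: '/'` (and `domain`, should one ever be set) is the attribute that must agree with creation, while `httpOnly`, `sameSite` and `secure` do not take part in the match. The extra attributes are harmless and fine to keep for consistency, but the comment should say so, e.g. `// Clear cookie: path (and domain, if ever set) must match creation; the other attributes are kept for consistency only`. If `secure: isProd()` ever diverges between this endpoint and the hook, the cookie would still be removed, which is why the matching rule is worth stating explicitly here.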
