Merge pull request #28 from mju-likelion/feature/login-cookie-error-#24

Feature/#24 로그인 시 Cookie 설정 문제
mju-likelion · Feb 27, 2024 · fc9848a · fc9848a
2 parents a3204fe + e67f1fb
commit fc9848a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/src/main/java/org/mjulikelion/baker/config/SecurityConfig.java b/src/main/java/org/mjulikelion/baker/config/SecurityConfig.java
@@ -9,7 +9,6 @@
 import static org.mjulikelion.baker.model.Role.ROLE_ADMIN;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import lombok.RequiredArgsConstructor;
@@ -23,6 +22,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseCookie;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -72,11 +72,11 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws
                     logout
                             .logoutUrl(logoutUrl)
                             .logoutSuccessHandler((request, response, authentication) -> {
-                                Cookie cookie = new Cookie(ACCESS_TOKEN, null);
-                                cookie.setMaxAge(ZERO);
-                                cookie.setHttpOnly(true);
-                                cookie.setPath(ALL_PATH);
-                                response.addCookie(cookie);
+                                ResponseCookie cookie = ResponseCookie.from(ACCESS_TOKEN, "")
+                                        .maxAge(ZERO)
+                                        .path("/")
+                                        .build();
+                                response.addHeader("Set-Cookie", cookie.toString());
 
                                 this.makeResponse(response, HttpStatus.OK, "로그아웃 되었습니다.");
                             })

diff --git a/src/main/java/org/mjulikelion/baker/service/auth/AuthQueryServiceImpl.java b/src/main/java/org/mjulikelion/baker/service/auth/AuthQueryServiceImpl.java
@@ -48,8 +48,9 @@ public ResponseEntity<ResponseDto<Void>> login(AuthLoginRequestDto authLoginRequ
             String jwtToken = jwtTokenProvider.generateToken(authentication).getAccessToken();
 
             ResponseCookie cookie = ResponseCookie.from(ACCESS_TOKEN, JwtEncoder.encodeJwtBearerToken(jwtToken))
+                    .secure(true)
                     .sameSite(String.valueOf(SameSite.NONE))
-                    .maxAge(Duration.ofMinutes(cookieMaxAge))
+                    .maxAge(Duration.ofMillis(cookieMaxAge))
                     .httpOnly(true)
                     .path(ROOT_PATH)
                     .build();