feat: implement server-side session management with session ID storage and cleanup
@@ -307,19 +307,23 @@ export default defineEventHandler(async (event) => {
|
||||
sessionSize: JSON.stringify(sessionData).length
|
||||
});
|
||||
|
||||
// Create session with appropriate expiration
|
||||
// Create session with server-side storage
|
||||
const sessionManager = createSessionManager();
|
||||
const maxAge = !!rememberMe ? 60 * 60 * 24 * 30 : 60 * 60 * 24 * 7; // 30 days vs 7 days
|
||||
|
||||
try {
|
||||
// Create the encrypted session data
|
||||
const sessionData_json = JSON.stringify(sessionData);
|
||||
const encrypted = sessionManager.encrypt(sessionData_json);
|
||||
// Create session and get cookie string
|
||||
const cookieString = sessionManager.createSession(sessionData, !!rememberMe);
|
||||
|
||||
console.log(`🍪 Setting session cookie (Remember Me: ${!!rememberMe}), size: ${encrypted.length} chars`);
|
||||
// Parse the cookie string to get the session ID
|
||||
const cookieParts = cookieString.split(';')[0].split('=');
|
||||
const sessionId = cookieParts[1];
|
||||
|
||||
// Use Nuxt's setCookie helper directly with the encrypted value
|
||||
setCookie(event, 'monacousa-session', encrypted, {
|
||||
console.log(`🍪 Setting session cookie (Remember Me: ${!!rememberMe}), session ID: ${sessionId.substring(0, 8)}...`);
|
||||
console.log(`📏 Cookie size: ${sessionId.length} chars (much smaller!)`);
|
||||
|
||||
// Set the cookie using Nuxt's setCookie helper
|
||||
const maxAge = !!rememberMe ? 60 * 60 * 24 * 30 : 60 * 60 * 24 * 7; // 30 days vs 7 days
|
||||
setCookie(event, 'monacousa-session', sessionId, {
|
||||
httpOnly: true,
|
||||
secure: true,
|
||||
sameSite: 'none',
|
||||
|
||||
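Review bot: The new log line prints the first eight characters of `sessionId`, and after this change that value is the entire credential for the session rather than an encrypted blob, so any part of it written to logs weakens it for whoever can read them. I would drop the `session ID: ${sessionId.substring(0, 8)}...` fragment, or log a one-way hash of the ID if correlation is needed. Recovering the ID with `cookieString.split(';')[0].split('=')` and `cookieParts[1]` truncates the value if the ID ever contains `=` (base64 padding, for example) and leaves `sessionId` undefined if `createSession` returns an unexpected string; having `createSession` return the ID itself would avoid the parse. The cookie is still issued with `sameSite: 'none'`, so state-changing routes presumably need their own CSRF check, which is not visible here. The handler's body starts and ends outside this hunk.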
@@ -1,8 +1,15 @@
|
||||
export default defineEventHandler(async (event) => {
|
||||
const sessionManager = createSessionManager();
|
||||
const destroyCookie = sessionManager.destroySession();
|
||||
const cookieHeader = getHeader(event, 'cookie');
|
||||
|
||||
console.log('🚪 Logout requested');
|
||||
|
||||
// Clear the session from server-side store
|
||||
const destroyCookie = sessionManager.destroySession(cookieHeader);
|
||||
|
||||
setHeader(event, 'Set-Cookie', destroyCookie);
|
||||
|
||||
console.log('✅ Logout successful');
|
||||
|
||||
return { success: true };
|
||||
});
|
||||
|
||||
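Review bot: `getHeader(event, 'cookie')` yields undefined when the request carries no Cookie header, and that value goes straight into `sessionManager.destroySession(cookieHeader)`. Its implementation is not shown, so either confirm it tolerates a missing header or guard here, e.g. `const cookieHeader = getHeader(event, 'cookie') ?? '';`. There is also no error handling around the store removal: if `destroySession` throws, the handler fails before `setHeader(event, 'Set-Cookie', destroyCookie)` runs and the browser keeps a cookie that may still map to a live server-side session. Wrapping the call in a try/catch that still sends the clearing cookie and logs the failure would make logout dependable.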