diff --git a/src/main/java/goormthon/team28/startup_valley/security/handler/logout/CustomLogoutResultHandler.java b/src/main/java/goormthon/team28/startup_valley/security/handler/logout/CustomLogoutResultHandler.java
index 7c3f7d8..1bc0911 100644
--- a/src/main/java/goormthon/team28/startup_valley/security/handler/logout/CustomLogoutResultHandler.java
+++ b/src/main/java/goormthon/team28/startup_valley/security/handler/logout/CustomLogoutResultHandler.java
@@ -8,6 +8,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import org.springframework.stereotype.Component;
@@ -17,12 +18,17 @@
 @Slf4j
 @Component
 public class CustomLogoutResultHandler implements LogoutSuccessHandler {
+
+ @Value("${server.domain}")
+ private String domain;
+
+ @Override
 public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
 if (authentication == null){
 log.info("인증 정보가 존재하지 않습니다. authentication is null..");
 AuthenticationResponse.makeFailureResponse(response, ErrorCode.NOT_FOUND_USER);
 }
+ CookieUtil.logoutCookie(request, response, domain);
 CookieUtil.deleteCookie(request, response, Constants.ACCESS_COOKIE_NAME);
 CookieUtil.deleteCookie(request, response, Constants.REFRESH_COOKIE_NAME);
 AuthenticationResponse.makeSuccessResponse(response);
diff --git a/src/main/java/goormthon/team28/startup_valley/util/CookieUtil.java b/src/main/java/goormthon/team28/startup_valley/util/CookieUtil.java
index 726627c..93ddb69 100644
--- a/src/main/java/goormthon/team28/startup_valley/util/CookieUtil.java
+++ b/src/main/java/goormthon/team28/startup_valley/util/CookieUtil.java
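Review bot: In `CustomLogoutResultHandler.onLogoutSuccess` the `authentication == null` branch calls `makeFailureResponse(...)` but does not return, so the added `CookieUtil.logoutCookie(request, response, domain);` and the closing `AuthenticationResponse.makeSuccessResponse(response);` still run on that path. The handler then appears to produce both a failure and a success response for one request, and if the failure response is already committed, the `Set-Cookie` headers added afterwards would be dropped. Either add `return;` after `makeFailureResponse(...)`, or clear the cookies first and then send exactly one of the two responses. The method body closes outside the hunk, and the helper implementations are not visible here, so confirm against them.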
@@ -1,5 +1,6 @@
 package goormthon.team28.startup_valley.util;
+import goormthon.team28.startup_valley.constants.Constants;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -17,6 +18,29 @@ public static void addCookie(HttpServletResponse response, String domain, String
 response.addHeader("Set-Cookie", cookie.toString());
 }
+
+ public static void logoutCookie(HttpServletRequest request, HttpServletResponse response, String domain) {
+ Cookie[] cookies = request.getCookies();
+ if (cookies == null)
+ return;
+
+ for (Cookie cookie : cookies) {
+ boolean isAccessCookie = cookie.getName().equals(Constants.ACCESS_COOKIE_NAME);
+ boolean isRefreshCookie = cookie.getName().equals(Constants.REFRESH_COOKIE_NAME);
+
+ if (isAccessCookie || isRefreshCookie) {
+ ResponseCookie tempCookie = ResponseCookie.from(cookie.getName(), cookie.getValue())
+ .path("/")
+ .domain(domain)
+ .secure(true)
+ .maxAge(0)
+ .httpOnly(isRefreshCookie)
+ .build();
+ response.addHeader("Set-Cookie", tempCookie.toString());
+ }
+ }
+ }
+
 public static void addSecureCookie(HttpServletResponse response, String domain, String key, String value, Integer maxAge){
 Cookie cookie = new Cookie(key, value);
 cookie.setPath("/");
@@ -26,6 +50,7 @@ public static void addSecureCookie(HttpServletResponse response, String domain,
 cookie.setMaxAge(maxAge);
 response.addCookie(cookie);
 }
+
 public static void deleteCookie(HttpServletRequest request, HttpServletResponse response, String name){
 Cookie[] cookies = request.getCookies();
 if (cookies == null){
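Review bot: `logoutCookie` builds the expiring cookie with `ResponseCookie.from(cookie.getName(), cookie.getValue())`, which sends the current access and refresh token values back in the logout response's `Set-Cookie` headers. A deletion cookie only needs the matching name, domain and path, so an empty value keeps the tokens out of response logs and intermediaries: `ResponseCookie.from(cookie.getName(), "")`. The browser drops the cookie only if `domain` and `path("/")` match the values it was issued with, so a short comment saying they must mirror the issuing code (not fully visible in this hunk) would help the next maintainer. As a style point, `if (cookies == null)` would read more safely with braces, as `deleteCookie` in the same file already does.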