commit e2e708835a5ebe969fc44559ab6a866a4c81161a
parent a1308acc617b42b059b03eaf9c80e0eb681d1bcc
Author: Yongbin Kim <iam@yongbin.kim>
Date: Mon, 30 Jan 2023 10:19:05 +0900
fix: refresh 할 때 기존 세션 제거되지 않던 문제 수정
Signed-off-by: Yongbin Kim <iam@yongbin.kim>
Diffstat:
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/pages/api/auth/refresh.ts b/pages/api/auth/refresh.ts
@@ -1,6 +1,6 @@
import { ERR_METHOD_NOT_ALLOWED, ERR_UNAUTHORIZED } from '@/lib/apierror'
import { getRefreshTokenCookieName } from '@/lib/env'
-import { getSession, putSession } from '@/lib/security/session'
+import { deleteSession, getSession, putSession } from '@/lib/security/session'
import { verifyToken } from '@/lib/security/token'
import { signAndSendToken } from '@/pages/api/auth/token'
import { nanoid } from 'nanoid'
@@ -36,7 +36,10 @@ export default async function handler (
return
}
- // Update session - 기존 TID를 새로운 TID로 교체해, 기존 토큰을 무효화
+ // 기존 세션 제거
+ await deleteSession(oldTID)
+
+ // 새로운 세션 생성
const tid = nanoid()
await putSession({
...session,
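Review bot: The `await deleteSession(oldTID)` added before `const tid = nanoid()` is not atomic with the session lookup that precedes it (presumably `getSession`, outside this hunk). Two concurrent refresh requests presenting the same refresh token could both pass that lookup, and each would then create its own new session, so the old token is not strictly single-use. If `deleteSession` can report whether it actually removed a record (its return value is not visible here), the delete result should be the gate, for example `const removed = await deleteSession(oldTID)` followed by `if (!removed) { /* respond with ERR_UNAUTHORIZED */ return }`. Otherwise the session module needs an atomic get-and-delete. Also, if `putSession` fails after the delete has succeeded, the user is left with no session at all, which deserves a short comment or explicit error handling. The handler body starts before and continues past this hunk, so the lookup and the response path could not be checked.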