From 8389e1954fa28cf5880d656d850ecb62e19417b6 Mon Sep 17 00:00:00 2001
From: jjikky
Date: Sat, 29 Jun 2024 17:57:33 +0900
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20=EC=BF=A0=ED=82=A4=20sameS?= =?UTF-8?q?ite=20=EC=98=B5=EC=85=98=20=EC=84=A4=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/routes/user/user.controller.js | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/routes/user/user.controller.js b/src/routes/user/user.controller.js
index f76beed..fec39f2 100755
--- a/src/routes/user/user.controller.js
+++ b/src/routes/user/user.controller.js
@@ -100,8 +100,10 @@ exports.localLogin = async (req, res, next) => {
const accessToken = generateAccessToken(user);
const refreshToken = generateRefreshToken(user);
- res.cookie('accessToken', accessToken, { httpOnly: false, maxAge: 10 * 60 * 1000 });
- res.cookie('refreshToken', refreshToken, { httpOnly: true, maxAge: 24 * 60 * 60 * 1000 });
+
+ // production 환경에서는 secure 필요 혹은 LAX로 변경, 쿠키와 토큰 주기 변경
+ res.cookie('accessToken', accessToken, { httpOnly: false, maxAge: 10 * 60 * 1000, sameSite: 'None' });
+ res.cookie('refreshToken', refreshToken, { httpOnly: true, maxAge: 24 * 60 * 60 * 1000, sameSite: 'None' });
return sendResponse.ok(res, {
message: SucesssMessage.LOGIN_SUCCESSS,
@@ -130,8 +132,8 @@ exports.kakaoLogin = async (req, res) => {
const accessToken = generateAccessToken(user);
const refreshToken = generateRefreshToken(user);
- res.cookie('accessToken', accessToken, { httpOnly: false, maxAge: 10 * 60 * 1000 });
- res.cookie('refreshToken', refreshToken, { httpOnly: true, maxAge: 24 * 60 * 60 * 1000 });
+ res.cookie('accessToken', accessToken, { httpOnly: false, maxAge: 10 * 60 * 1000, sameSite: 'None' });
+ res.cookie('refreshToken', refreshToken, { httpOnly: true, maxAge: 24 * 60 * 60 * 1000, sameSite: 'None' });
sendResponse.ok(res, {
message: SucesssMessage.LOGIN_SUCCESSS,
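Review bot: Both `res.cookie` lines added in the localLogin hunk set `sameSite: 'None'` without `secure: true`, and Chrome and other browsers that enforce the SameSite=None-requires-Secure rule reject such a cookie outright, so the access and refresh cookies are likely to be dropped rather than stored; the same two lines in the kakaoLogin hunk have the same gap. The added comment already says production needs `secure`, but the attribute belongs in this change rather than being deferred, e.g. `res.cookie('refreshToken', refreshToken, { httpOnly: true, maxAge: 24 * 60 * 60 * 1000, sameSite: 'None', secure: true });` with the same addition on the accessToken line, and if plain-HTTP local development must keep working, derive both `sameSite` and `secure` from the environment instead of hard-coding `'None'`. SameSite=None also switches off the browser's cross-site protection for the refreshToken cookie, so the endpoint that consumes it should verify the request's Origin (or an equivalent CSRF token), a check that is not part of this diff. Since the same option objects are now duplicated across localLogin and kakaoLogin, a shared module-level constant such as `const REFRESH_COOKIE_OPTIONS = { httpOnly: true, maxAge: 24 * 60 * 60 * 1000, sameSite: 'None', secure: true };` would keep the two handlers consistent. Both localLogin and kakaoLogin begin and end outside their hunks.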