kc3hack · toaru005 · Feb 21, 2026 · Feb 21, 2026 · Copilot · Feb 21, 2026
diff --git a/Backend/Workspace/Routes/Login.js b/Backend/Workspace/Routes/Login.js
@@ -57,7 +57,7 @@ router.get(
  * - DBからユーザー情報を取得
  * - ハッシュ検証後にクッキーを発行
  */
-router.post("/Submit", InverseVCM('LOGIN_TOKEN', process.env.LOGIN_SECRET), async (req, res) => {
+router.post("/Submit", async (req, res) => {
 
   // 0. 処理開始ログ
   console.log("/Login/Submit-API is running!");

diff --git a/Backend/Workspace/Routes/Register.js b/Backend/Workspace/Routes/Register.js
@@ -178,6 +178,17 @@ router.post(
         parallelism: 1
       });
 
+      // 4. Cookie発行
+      CreateCookie({
+        res,
+        cookieName: 'LOGIN_TOKEN',
+        payload: { userId, address: address },
+        secretKey: process.env.LOGIN_SECRET,
+        deadlineHours: 24, // 1日有効
-        deadlineHours: 24, // 1日有効
+        deadlineHours: 24, // JWTは1日有効（Cookie自体はセッション有効）
-        deadlineHours: 24, // 1日有効
+        deadlineHours: 24, // JWTは1日有効（Cookie自体はセッション有効）
+        httpOnly: true,
+        sameSite: 'strict'
+      });
+
 
       // =====================================================
       // 5. DB保存