
Commit d8df449

committed
Ref: CookieUtil 및 관련 코드 개선
1 parent 9ebc8d5 commit d8df449


2 files changed

+58
-15
lines changed


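--- a/src/main/java/com/back/domain/user/service/AuthService.java
+++ b/src/main/java/com/back/domain/user/service/AuthService.java
@@ -125,9 +125,11 @@ public LoginResponse login(LoginRequest request, HttpServletResponse response) {
 "refreshToken",
 refreshToken,
 (int) jwtTokenProvider.getRefreshTokenExpirationInSeconds(),
-"/api/auth"
+"/",
+true
 );
 
+
 // LoginResponse 반환
 return new LoginResponse(
 accessToken,
@@ -156,7 +158,12 @@ public void logout(HttpServletRequest request, HttpServletResponse response) {
 userTokenRepository.deleteByRefreshToken(refreshToken);
 
 // 쿠키 삭제
-CookieUtil.clearCookie(response, "refreshToken", "/api/auth");
+CookieUtil.clearCookie(
+response,
+"refreshToken",
+"/",
+true
+);
 }
 
 /**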
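Review bot: Widening the refresh-token cookie from `"/api/auth"` to `"/"` in both the login and logout calls means the refresh token now rides on every request to the origin, and because CookieUtil (second file in this commit) derives `SameSite=None` from the `true` passed here, it rides on cross-site requests too, so the refresh and logout endpoints now need CSRF protection they did not need with a narrow path and a Lax default. Unless the refresh endpoint has actually moved, keep the path tight, `"/api/auth",`, and if SameSite=None is really required for a cross-origin front end, make it an explicit argument rather than a side effect of `secure`. Hard-coding `true` also contradicts the util's own "dev/prod 분기 권장" comment; the flag presumably belongs in configuration (for example a `@Value`-bound property) so local HTTP development does not silently lose the cookie. Both `login` and `logout` begin and end outside this hunk.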

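--- a/src/main/java/com/back/global/util/CookieUtil.java
+++ b/src/main/java/com/back/global/util/CookieUtil.java
@@ -3,23 +3,59 @@
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletResponse;
 
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+
 public class CookieUtil {
 
-public static void addCookie(HttpServletResponse response, String name, String value, int maxAge, String path) {
+/**
+* 쿠키 추가 메서드
+*
+* @param response HttpServletResponse 객체
+* @param name 쿠키 이름
+* @param value 쿠키 값
+* @param maxAge 쿠키 수명 (초 단위, 음수: 브라우저 종료 시 삭제, 0: 즉시 삭제)
+* @param path 쿠키 경로 (null이면 "/")
+* @param secure HTTPS에서만 전송 여부
+*/
+public static void addCookie(
+HttpServletResponse response,
+String name,
+String value,
+int maxAge,
+String path,
+boolean secure
+) {
 Cookie cookie = new Cookie(name, value);
-cookie.setHttpOnly(true);
-cookie.setSecure(true);
-cookie.setPath(path);
+cookie.setHttpOnly(true); // JS 접근 차단
+cookie.setSecure(secure); // HTTPS에서만 전송 (dev/prod 분기 권장)
+cookie.setPath(path != null ? path : "/"); // 기본 path = /
 cookie.setMaxAge(maxAge);
-response.addCookie(cookie);
+
+// SameSite 설정 → Servlet Cookie API엔 없어서 수동 헤더 추가 필요
+String sameSite = secure ? "None" : "Lax";
+// cross-site 환경이면 None + Secure, same-site면 Strict/Lax 선택
+response.addHeader("Set-Cookie",
+String.format("%s=%s; Max-Age=%d; Path=%s; HttpOnly; Secure=%s; SameSite=%s",
+cookie.getName(),
+cookie.getValue(),
+cookie.getMaxAge(),
+cookie.getPath(),
+cookie.getSecure() ? "true" : "false",
+sameSite
+)
+);
 }
 
-public static void clearCookie(HttpServletResponse response, String name, String path) {
-Cookie cookie = new Cookie(name, null);
-cookie.setHttpOnly(true);
-cookie.setSecure(true);
-cookie.setPath(path);
-cookie.setMaxAge(0);
-response.addCookie(cookie);
+/**
+* 쿠키 삭제 메서드
+*
+* @param response HttpServletResponse 객체
+* @param name 삭제할 쿠키 이름
+* @param path 쿠키 경로 (null이면 "/")
+* @param secure HTTPS에서만 전송 여부
+*/
+public static void clearCookie(HttpServletResponse response, String name, String path, boolean secure) {
+addCookie(response, name, "", 0, path, secure);
 }
-}
+}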
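Review bot: `Secure=%s` in the hand-built Set-Cookie header does not do what the `secure` flag intends: browsers treat Secure as a bare flag and ignore anything after `=` (RFC 6265 §5.2.5), so `Secure=false` still marks the cookie Secure, and a browser on plain HTTP will then refuse to store it, leaving the `secure=false` branch with no working cookie at all. `Max-Age=%d` is also unconditional, so a negative `maxAge` emits `Max-Age=-1`, which expires the cookie immediately (RFC 6265 §5.2.2) rather than producing the session cookie the new Javadoc promises; `response.addCookie` omitted the attribute for negatives and the manual header must do the same. Deriving `SameSite` from `secure` means every HTTPS cookie, including the refresh token, is `SameSite=None`, the weakest CSRF posture, so SameSite should be a caller choice defaulting to `Lax`; and because `addHeader` bypasses the container's cookie-value validation, `value` should be rejected if it contains `;`, `,`, whitespace or control characters before it is spliced into the header. The two added `import jakarta.servlet.http.*` lines duplicate lines 3–4 and can simply be removed. The header assembly below fixes the Secure and Max-Age problems while keeping the existing signature.

```java
// … unchanged: addCookie signature, Cookie construction, setHttpOnly/setSecure/setPath/setMaxAge …
String sameSite = secure ? "None" : "Lax";
// Secure is a flag attribute: emit it only when wanted, never as Secure=false.
// Max-Age <= 0 deletes the cookie (RFC 6265 §5.2.2); omit it for a negative maxAge
// so the cookie stays a session cookie, matching what response.addCookie did.
StringBuilder header = new StringBuilder()
        .append(cookie.getName()).append('=').append(cookie.getValue())
        .append("; Path=").append(cookie.getPath())
        .append("; HttpOnly")
        .append("; SameSite=").append(sameSite);
if (cookie.getMaxAge() >= 0) {
    header.append("; Max-Age=").append(cookie.getMaxAge());
}
if (cookie.getSecure()) {
    header.append("; Secure");
}
response.addHeader("Set-Cookie", header.toString());
```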
