strapi-sdk-js

removeToken on subdomain

Open cossssmin opened this issue 4 years ago • 0 comments

Hey, thanks for your work on the library! :)

I'm using strapi-sdk-js like this in Nuxt 2:

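```js
import Strapi from 'strapi-sdk-js'

export default ({$config}, inject) => {
  const strapi = new Strapi({
    url: $config.strapiBase,
    store: {
      // Token cookie is scoped to the parent domain, not to my.example.com
      cookieOptions: {
        path: '/',
        expires: 90,
        domain: 'example.com',
      },
    }
  })

  // Expose the client to the Nuxt app as $strapi
  inject('strapi', strapi)
}
```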

My app is located at my.example.com.

When calling strapi.logout() (or strapi.removeToken()), it doesn't remove the strapi_jwt cookie (because it's on a different domain?), so you can go back and still browse the app as if you were logged in, because the token is still in storage.

This is also a problem if you try to log in right after logging out - trying to log in with a valid token present in storage will not work.

cossssmin, Mar 10 '22 14:03
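The behaviour reported above can be reproduced with a small model of how a browser stores cookies. This is an added example, not code from the issue or from strapi-sdk-js. `CookieJar` and `logoutDemo` are hypothetical names, the token value is constructed, and the model assumes the removal call passes no `domain` attribute, which the page does not confirm.

```javascript
// Model of the RFC 6265 cookie store (hypothetical helper, not library code).
// A stored cookie is identified by (name, domain, path), so a deletion only
// hits the entry whose domain and path match the ones used when it was set.
class CookieJar {
  constructor(host) {
    this.host = host;         // host of the page doing the writes
    this.cookies = new Map(); // "name|domain|path" -> value
  }
  // True when this.host may read or write cookies scoped to `domain`.
  covers(domain) {
    return this.host === domain || this.host.endsWith('.' + domain);
  }
  // attrs mirrors cookieOptions from the report: { domain, path, expires (days) }.
  // Path defaults to '/' in this model (assumption).
  set(name, value, attrs = {}) {
    const domain = (attrs.domain || this.host).replace(/^\./, '');
    if (!this.covers(domain)) return false; // foreign domains are rejected
    const key = [name, domain, attrs.path || '/'].join('|');
    if (attrs.expires !== undefined && attrs.expires <= 0) {
      return this.cookies.delete(key); // an expired write evicts the exact match only
    }
    this.cookies.set(key, value);
    return true;
  }
  // Deleting is writing the same cookie with an expiry in the past.
  remove(name, attrs = {}) {
    return this.set(name, '', { ...attrs, expires: -1 });
  }
  // Values the page at this.host would still send and read for `name`.
  visible(name) {
    return [...this.cookies]
      .filter(([key]) => {
        const [n, d] = key.split('|');
        return n === name && this.covers(d);
      })
      .map(([, value]) => value);
  }
}

function logoutDemo() {
  const jar = new CookieJar('my.example.com');
  jar.set('strapi_jwt', 'constructed-token', { path: '/', expires: 90, domain: 'example.com' });
  const removedBare = jar.remove('strapi_jwt'); // no domain: targets my.example.com
  const leftover = jar.visible('strapi_jwt').length;
  const removedScoped = jar.remove('strapi_jwt', { path: '/', domain: 'example.com' });
  return { removedBare, leftover, removedScoped, remaining: jar.visible('strapi_jwt').length };
}
```

In the model, the bare removal leaves the token readable from my.example.com; the removal only succeeds when it repeats the `domain` and `path` the cookie was set with.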