Fix CSRF token mismatch after logout by refreshing cookie

After logout invalidates the session, the SPA still holds the old CSRF
cookie. Subsequent login attempts succeed, but bootstrap/API calls then fail
with a CSRF mismatch, causing a redirect back to login. Fix: fetch a fresh
CSRF cookie via /sanctum/csrf-cookie after logout completes.
Darko Gjorgjijoski
2026-04-03 23:46:07 +02:00
parent 8e966965f5
commit acce67f514


@@ -46,20 +46,24 @@ export const useAuthStore = (useWindow = false) => {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
http http
.post('/auth/logout') .post('/auth/logout')
.then((response) => { .then(async (response) => {
const notificationStore = useNotificationStore() const notificationStore = useNotificationStore()
notificationStore.showNotification({ notificationStore.showNotification({
type: 'success', type: 'success',
message: 'Logged out successfully.', message: 'Logged out successfully.',
}) })
// Refresh CSRF token so next login works cleanly
await http.get('/sanctum/csrf-cookie').catch(() => {})
window.router.push('/login') window.router.push('/login')
// resetStore.clearPinia()
resolve(response) resolve(response)
}) })
.catch((err) => { .catch((err) => {
handleError(err) handleError(err)
window.router.push('/') // Still refresh CSRF and redirect on error
http.get('/sanctum/csrf-cookie').catch(() => {})
window.router.push('/login')
reject(err) reject(err)
}) })
}) })