ログアウトの処理と外部サービス連携Viewがセッションクッキーを作らないように (#4856)

2 files changed, 6 insertions, 2 deletions

diff --git a/src/client/app/common/views/components/settings/integration.vue b/src/client/app/common/views/components/settings/integration.vue
index b91880679f..8ac0c134c0 100644
--- a/src/client/app/common/views/components/settings/integration.vue
+++ b/src/client/app/common/views/components/settings/integration.vue
@@ -54,7 +54,11 @@ export default Vue.extend({
 	},
 
 	mounted() {
-		document.cookie = `i=${this.$store.state.i.token}`;
+		if (!document.cookie.match(/i=(\w+)/)) {
+			document.cookie = `i=${this.$store.state.i.token}; path=/;` +
+			` domain=${document.location.hostname}; max-age=31536000;` +
+			(document.location.protocol.startsWith('https') ? ' secure' : '');
+		}
 		this.$watch('$store.state.i', () => {
 			if (this.$store.state.i.twitter) {
 				if (this.twitterForm) this.twitterForm.close();
diff --git a/src/client/app/store.ts b/src/client/app/store.ts
index a6f2a0b00b..b137f79989 100644
--- a/src/client/app/store.ts
+++ b/src/client/app/store.ts
@@ -126,7 +126,7 @@ export default (os: MiOS) => new Vuex.Store({
 
 		logout(ctx) {
 			ctx.commit('updateI', null);
-			document.cookie = 'i=;';
+			document.cookie = `i=; max-age=0; domain=${document.location.hostname}`;
 			localStorage.removeItem('i');
 		},