@@ -1,33 +1,41 @@
-import Cookies from "js-cookie";
+// import Cookies from "js-cookie";
/**
* FIXME: 原本以为设置httponly的cookie可以防止token被XSS攻击,但是前端设置不了httponly的cookie。
* 理论上前端存储在cookie和localStorage的token都可能被盗。
+ *
+ * 为了确保一个tab也可以登录一个用户,所以用sessionStorage,多个tab不会相互干扰,但也不能共享权限信息了。
*/
const TokenKey = "Token";
export function getToken() {
- return Cookies.get(TokenKey);
+ // return Cookies.get(TokenKey);
+ return sessionStorage.getItem(TokenKey);
}
export function setToken(token: string) {
- return Cookies.set(TokenKey, token);
+ // return Cookies.set(TokenKey, token);
+ return sessionStorage.setItem(TokenKey, token);
}
export function removeToken() {
- return Cookies.remove(TokenKey);
+ // return Cookies.remove(TokenKey);
+ return sessionStorage.removeItem(TokenKey);
}
const SessionKey = "SessionKey";
export function getSessionId() {
- return Cookies.get(SessionKey);
+ // return Cookies.get(SessionKey);
+ return sessionStorage.getItem(SessionKey);
}
export function setSessionId(sessionId: string) {
- return Cookies.set(SessionKey, sessionId);
+ // return Cookies.set(SessionKey, sessionId);
+ return sessionStorage.setItem(SessionKey, sessionId);
}
export function removeSessionId() {
- return Cookies.remove(SessionKey);
+ // return Cookies.remove(SessionKey);
+ return sessionStorage.removeItem(SessionKey);
}
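Review bot: getToken() and getSessionId() now return `null` rather than `undefined` when nothing is stored, because `sessionStorage.getItem` reports a missing key as `null` where `Cookies.get` gave `undefined`; any caller outside this hunk that tests `=== undefined`, or relies on an undefined value being dropped from a header or payload, would change behaviour. Declaring the contract, e.g. `export function getToken(): string | null`, lets the compiler flag those callers. The FIXME's concern is not addressed by the move: sessionStorage is readable by any script running on the origin, so the token stays as exposed to XSS as before, and only a server-issued `HttpOnly` cookie would keep it out of script reach. Values written to the `Token` and `SessionKey` cookies by the previous version are presumably no longer cleared by removeToken()/removeSessionId(), so a one-time cleanup on load may be needed. The commented-out `Cookies` lines are better deleted than kept, since version control already preserves them.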
|