JWT token not cleared out from axios headers on logout #296
Comments
Hi, I was wondering: I see there is no token validation for every API endpoint. Are you only checking the user on every route load?
Looks like it is a bug. The Authorization header still contains the token. I looked at the code and see no action to clean that. Test on https://vue-vuex-realworld.netlify.com/ So when we log out,
Hello,
I noticed that the Authorization header (containing the JWT token) is still present on the next calls just after the logout.
Here are the steps to reproduce:
The headers should be discarded / cleaned out after logout.
As the actions are disabled when the currentUser is not set (and that's correctly done on logout), the impact is low, but this stays quite insecure.
Thanks a lot for this great example project!
Gerfaut
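
An added example, not part of the original issue or the project's code: it reproduces the reported behaviour and a logout that also clears the header. The `createClient` stand-in models only the `defaults.headers.common` shape of an axios instance so it runs offline; the session module, its method names, the `Bearer` scheme and the token value are all hypothetical or constructed.

```javascript
// Stand-in for an axios instance: only the `defaults.headers.common` shape
// is modelled, so the example runs offline (assumption, not the project's code).
function createClient() {
  return { defaults: { headers: { common: {} } } };
}

// Headers an outgoing request would carry: defaults merged with per-call headers.
function outgoingHeaders(client, perCall = {}) {
  return { ...client.defaults.headers.common, ...perCall };
}

// Hypothetical session module; `storage` is any Map-like token store.
function createSession(client, storage) {
  return {
    currentUser: null,
    login(user, token) {
      storage.set("jwt", token);
      // Header scheme is an assumption for this example.
      client.defaults.headers.common["Authorization"] = `Bearer ${token}`;
      this.currentUser = user;
    },
    // Behaviour reported in the issue: state is reset, header is left behind.
    logoutLeaky() {
      storage.delete("jwt");
      this.currentUser = null;
    },
    // Logout that also drops the header from the client defaults.
    logout() {
      storage.delete("jwt");
      this.currentUser = null;
      delete client.defaults.headers.common["Authorization"];
    },
  };
}

// Returns the Authorization value sent on the first request after logout.
function headerAfterLogout(method) {
  const client = createClient();
  const session = createSession(client, new Map());
  session.login({ username: "demo" }, "constructed.jwt.value"); // constructed token
  session[method]();
  return outgoingHeaders(client).Authorization;
}

console.log("leaky logout:", headerAfterLogout("logoutLeaky"));
console.log("fixed logout:", headerAfterLogout("logout"));
```

A check like `headerAfterLogout` works as a regression test: after logout, the merged request headers must not contain `Authorization`.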