🍪 refactor: Move OpenID Tokens from Cookies to Server-Side Sessions (#11236)

* refactor: OpenID token handling by storing tokens in session to reduce cookie size

* refactor: Improve OpenID user identification logic in logout controller

* refactor: Enhance OpenID logout flow by adding post-logout redirect URI

* refactor: Update logout process to clear additional OpenID user ID cookie
Danny Avila 2026-01-06 15:22:10 -05:00 committed by GitHub
parent 3b41e392ba
commit 348b4a4a32
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 105 additions and 38 deletions


@ -47,7 +47,16 @@ const banViolation = async (req, res, errorMessage) => {
}
await deleteAllUserSessions({ userId: user_id });
/** Clear OpenID session tokens if present */
if (req.session?.openidTokens) {
delete req.session.openidTokens;
}
res.clearCookie('refreshToken');
res.clearCookie('openid_access_token');
res.clearCookie('openid_user_id');
res.clearCookie('token_provider');
const banLogs = getLogStores(ViolationTypes.BAN);
const duration = errorMessage.duration || banLogs.opts.ttl;