chore: remove refresh and access token cookies

fullstackondemand · fullstackondemand · commit ed00a4f6c5ff · 2025-03-10T09:00:14.000+05:30
diff --git a/src/Controller/AbstractAuthController.php b/src/Controller/AbstractAuthController.php
@@ -47,18 +47,22 @@ public function login($req, $res) {
         $refreshToken = $user->generateRefreshToken();
 
         // Add Authorization Cookies
-        setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/api', secure: true, httponly: true);
-        setcookie('RTID', $refreshToken, time() + 86400 * (int) $_ENV['REFRESH_TOKEN_EXPIRY'], path: '/api', secure: true, httponly: true);
-
-        return response($req, $res, new Response(data: ['userId' => $user->id, 'SSID' => ['token' => $accessToken, 'exp' => time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY']], 'RTID' => ['token' => $refreshToken, 'exp' => time() + 86400 * (int) $_ENV['REFRESH_TOKEN_EXPIRY']]]));
+        // setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/api', secure: true, httponly: true);
+        // setcookie('RTID', $refreshToken, time() + 86400 * (int) $_ENV['REFRESH_TOKEN_EXPIRY'], path: '/api', secure: true, httponly: true);
+
+        return response($req, $res, new Response(data: [
+            'userId' => $user->id, 
+            'SSID' => ['token' => $accessToken, 'exp' => time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY']], 
+            'RTID' => ['token' => $refreshToken, 'exp' => time() + 86400 * (int) $_ENV['REFRESH_TOKEN_EXPIRY']]
+        ]));
     }
 
     /** Logout Function */
     public function logout($req, $res) {
 
         // Remove Authorization Cookies
-        setcookie('SSID', '', time() - 100, path: '/api', secure: true, httponly: true);
-        setcookie('RTID', '', time() - 100, path: '/api', secure: true, httponly: true);
+        // setcookie('SSID', '', time() - 100, path: '/api', secure: true, httponly: true);
+        // setcookie('RTID', '', time() - 100, path: '/api', secure: true, httponly: true);
 
         return response($req, $res, new Response(message: "User logged out successfully."));
     }
@@ -67,7 +71,7 @@ public function logout($req, $res) {
     public function regenerateAccessToken($req, $res) {
 
         /** User Refresh Token */
-        $refreshToken = $_COOKIE['RTID'];
+        $refreshToken = $_COOKIE['RTID'] ?? $req->getParsedBody()['refreshToken'] ?? null;
 
         try {
             /** Decode Json Web Token */
@@ -83,8 +87,10 @@ public function regenerateAccessToken($req, $res) {
         $accessToken = $user->generateAccessToken();
 
         // Add Authorization Cookies
-        setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/api', secure: true, httponly: true);
+        // setcookie('SSID', $accessToken, time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY'], path: '/api', secure: true, httponly: true);
 
-        return response($req, $res, new Response(data: ['SSID' => ['token' => $accessToken, 'exp' => time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY']]]));
+        return response($req, $res, new Response(data: [
+            'SSID' => ['token' => $accessToken, 'exp' => time() + 60 * (int) $_ENV['ACCESS_TOKEN_EXPIRY']]
+        ]));
     }
 }
