[英]vuex empty state on logout
Quick story of my problem:我的问题的快速故事:
window.localStorage
and therefore gets auto logged in) my vuex store retrieves all the info from a socket that requires authentication.window.localStorage
并因此自动登录),我的 vuex 存储将从需要身份验证的套接字中检索所有信息。This would be a security issue as not logged in people(or hackers) on a public pc could view what the state was before the user logged out.这将是一个安全问题,因为在公共 PC 上未登录的人(或黑客)可以查看用户注销前的状态。
I have seen How to clear state in vuex store?我看过如何清除 vuex 商店中的状态? But I feel that this is a hack and should be avoided.
但我觉得这是一种黑客行为,应该避免。
My current solution is just to refresh the page using location.reload();
我目前的解决方案只是使用
location.reload();
刷新页面location.reload();
Is there a better way to prevent this data leak?
有没有更好的方法来防止这种数据泄漏?
All objects stored in Vue act as an observable .存储在 Vue 中的所有对象都充当observable 。 So if the reference of a value is changed/mutated it triggers the actual value to be changed too .
因此,如果值的引用被更改/变异,它也会触发实际值的更改。
So, In order to reset the state the initial store modules has to be copied as a value .因此,为了重置状态,必须将初始存储模块复制为 value 。
On logging out of a user, the same value has to be assigned for each module as a copy.在注销用户时,必须为每个模块分配相同的值作为副本。
This can be achieved as follows:这可以通过以下方式实现:
// store.js
// Initial store with modules as an object
export const initialStoreModules = {
user,
recruitment,
};
export default new Vuex.Store({
/**
* Assign the modules to the store
* using lodash deepClone to avoid changing the initial store module values
*/
modules: _.cloneDeep(initialStoreModules),
mutations: {
// reset default state modules by looping around the initialStoreModules
resetState(state) {
_.forOwn(initialStoreModules, (value, key) => {
state[key] = _.cloneDeep(value.state);
});
},
}
});
Then call commit("resetState");
然后调用
commit("resetState");
when the user logs out.当用户退出时。
Normal Approach正常方法
If user logs in, then you can add few boolean flags to ensure that user has been loggedin/loggedout.如果用户登录,那么您可以添加一些布尔标志以确保用户已登录/注销。
So initial approach would be -所以最初的方法是——
this.$store.commit('insertToken', {realtoken, isLoggedIn: true})
In vuex than,在 vuex 中,
insertToken (state, payload) {
state.token = payload.realtoken
state.isLoggedIn = payload.isLoggedIn
localStorage.setItem('token', payload.realtoken)
}
And when user logs out you should set all flags to false, In component -当用户注销时,您应该将所有标志设置为 false,在组件中 -
logout () {
this.$store.commit('logOut')
this.$router.replace('/login')
}
and in vuex,在 vuex 中,
logOut (state, payload) {
state.token = null
state.isLoggedIn = false
localStorage.setItem('token', null)
},
So by means of isLoggedIn
and token
you can tell router where to navigate by using term called Navigation Guards因此,通过
isLoggedIn
和token
您可以使用称为Navigation Guards 的术语告诉路由器导航的位置
Example -例子 -
const checkToken = () => {
if ((localStorage.getItem('token') == null) ||
(localStorage.getItem('token') == undefined)) {
return false
} else {
return true
}
}
// Navigation guards
if (to.path === '/') {
if (checkToken()) {
next()
} else {
router.push('/login')
}
} }
This is the way I use when authentication is done by means of using token
as part of interacting with Vuex.这是我在通过使用
token
作为与 Vuex 交互的一部分来完成身份验证时使用的方式。
This extension does a nice job https://www.npmjs.com/package/vuex-extensions这个扩展做得很好https://www.npmjs.com/package/vuex-extensions
With it installed I can just call reset in the Vuex Logout Action安装它后,我可以在 Vuex Logout Action 中调用 reset
logout(context) {
// do the logout stuff, such as
context.commit("setUser", {});
// On logout, clear all State, using vuex-extensions
this.reset();
// if using router, change to login page
router.replace("/login");
}
This might be late but I found window.localStorage.removeItem('vuex') useful.这可能晚了,但我发现window.localStorage.removeItem('vuex')很有用。 Thanks to Thomas von Deyen, https://github.com/championswimmer/vuex-persist/issues/52#issuecomment-413913598
感谢 Thomas von Deyen, https://github.com/championswimmer/vuex-persist/issues/52#issuecomment-413913598
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.