From 299d8bd33312030987c8906f2b0cbec60ce15c60 Mon Sep 17 00:00:00 2001
From: htlee
Date: Thu, 19 Feb 2026 15:20:27 +0900
Subject: [PATCH] =?UTF-8?q?fix(auth):=20=EB=A1=9C=EA=B7=B8=EC=95=84?= =?UTF-8?q?=EC=9B=83=20=EC=8B=9C=20=ED=94=84=EB=A1=9D=EC=8B=9C=20=EC=BA=90?= =?UTF-8?q?=EC=8B=9C=20=EC=BF=A0=ED=82=A4=20=EC=82=AD=EC=A0=9C=20=EC=86=8D?= =?UTF-8?q?=EC=84=B1=20=EC=9D=BC=EC=B9=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

삭제 쿠키에 Secure, HttpOnly, SameSite 속성 추가하여 원본 쿠키와 매칭되도록 수정 (gc_proxy_auth, GC_SESSION)

Co-Authored-By: Claude Opus 4.6
---
 src/main/java/com/gcsc/guide/auth/AuthController.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/gcsc/guide/auth/AuthController.java b/src/main/java/com/gcsc/guide/auth/AuthController.java
index 575fc35..45ee606 100644
--- a/src/main/java/com/gcsc/guide/auth/AuthController.java
+++ b/src/main/java/com/gcsc/guide/auth/AuthController.java
@@ -227,9 +227,11 @@ public class AuthController {
 private void clearSessionCookies(HttpServletResponse response) {
 response.addHeader(HttpHeaders.SET_COOKIE,
- ResponseCookie.from("GC_SESSION", "").path("/").maxAge(0).build().toString());
+ ResponseCookie.from("GC_SESSION", "")
+ .path("/").httpOnly(true).secure(true).sameSite("Lax").maxAge(0).build().toString());
 response.addHeader(HttpHeaders.SET_COOKIE,
- ResponseCookie.from("gc_proxy_auth", "").path("/").maxAge(0).build().toString());
+ ResponseCookie.from("gc_proxy_auth", "")
+ .path("/").httpOnly(true).secure(true).sameSite("Lax").maxAge(0).build().toString());
 }
 private String getCookieValue(HttpServletRequest request, String name) {
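Review bot: Both expiry cookies in `clearSessionCookies` are still host-only (no `.domain(...)`), and a browser chooses the cookie to replace by name, domain and path, not by the `Secure`/`HttpOnly`/`SameSite` flags added here. If `gc_proxy_auth` is issued by the proxy with a `Domain` attribute (the issuing code is not visible in this hunk), the `Max-Age=0` response expires a different cookie and the auth cookie survives logout; the deletion would then need the same value, e.g. `.domain(cookieDomain)`, where `cookieDomain` is a placeholder for whatever setting the issuer uses. The hard-coded `secure(true)` also means browsers will generally drop these headers when logout is served over plain HTTP, so it is worth confirming that every deployment reaches this controller over TLS. Since the two chains differ only in the name, a private helper such as `expiredCookie(String name)` would keep the attributes in one place. The server-side session and any proxy cache entry should also be invalidated on logout, because clearing the browser cookie does not revoke a value that was already copied.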