基于Redis失效标记，实现用户权限变更后强制重新登录

2026-03-10 11:18:30 +08:00
parent d34bff2f79
commit fee430438c
6 changed files with 114 additions and 10 deletions
--- a/src/components/providers/session-provider.tsx
+++ b/src/components/providers/session-provider.tsx
@@ -1,7 +1,32 @@
 'use client'

-import { SessionProvider as NextAuthSessionProvider } from "next-auth/react"
+import { SessionProvider as NextAuthSessionProvider, signOut, useSession } from "next-auth/react"
+import { useEffect, useRef } from "react"
+import { usePathname } from "next/navigation"
+
+/** 检测会话失效并自动登出 */
+function SessionInvalidationGuard({ children }: { children: React.ReactNode }) {
+  const { data: session, status } = useSession()
+  const pathname = usePathname()
+  const signingOut = useRef(false)
+
+  useEffect(() => {
+    // 已认证但 session 中没有 user（会话被标记失效），自动登出清除 cookie
+    if (status === 'authenticated' && !(session as any)?.user?.id && !signingOut.current && pathname !== '/login') {
+      signingOut.current = true
+      signOut({ callbackUrl: '/login' })
+    }
+  }, [status, session, pathname])
+
+  return <>{children}</>
+}

 export function SessionProvider({ children }: { children: React.ReactNode }) {
-  return <NextAuthSessionProvider>{children}</NextAuthSessionProvider>
-}
+  return (
+    <NextAuthSessionProvider>
+      <SessionInvalidationGuard>
+        {children}
+      </SessionInvalidationGuard>
+    </NextAuthSessionProvider>
+  )
+}