I am having trouble getting my system to log out with PassportJS. It seems the logout route is being called, but it's not removing the session. I want it to return 401, if th
None of the answers worked for me so I will share mine
    app.use(session({
      secret: 'some_secret',
      resave: false,
      saveUninitialized: false,
      cookie: {maxAge: 1000} // this is the key
    }))

and

    router.get('/logout', (req, res, next) => {
      req.logOut()
      res.redirect('/') // redirect is a method of res, not req
    })
Ran into the same issue. Using req.session.destroy(); instead of req.logout(); works, but I don't know if this is the best practice.
I faced a similar problem with Passport 0.3.2.
When I used a custom callback for the passport login and signup, the problem persisted.
The problem was solved by upgrading to Passport 0.4.0 and adding the lines

    app.get('/logout', function(req, res) {
      req.logOut();
      res.redirect('/');
    });
Since you are using passport authentication, which uses its own session via the connect.sid cookie, the simplest way of dealing with logging out is letting passport handle the session.

    app.get('/logout', function(req, res){
      if (req.isAuthenticated()) {
        req.logOut()
        return res.redirect('/') // Handle valid logout
      }
      // sendStatus() actually sends the response; status() alone would leave the request hanging
      return res.sendStatus(401) // Handle unauthenticated response
    })
In my case, using a callback passed to req.session.destroy helped only some of the time and I had to resort to this hack:

    req.session.destroy();
    // Delay the redirect to give the session store time to finish
    setTimeout(function() {
      res.redirect("/");
    }, 2000);
I don't know why that's the only solution that I've been able to get to work, but unfortunately @JulianLloyd's answer did not work for me consistently.
It may have something to do with the fact that my live login page uses SSL (I haven't been able to reproduce the issue on the staging site or my localhost). There may be something else going on in my app too; I'm using the derby-passport module since my app is using the Derby framework, so it's difficult to isolate the problem.
It's clearly a timing issue because I first tried a timeout of 100 ms, which wasn't sufficient.
Unfortunately I haven't yet found a better solution.
I'm working with a programmer who suggests removing user from req:

    app.get('/logout', function (req, res){
      req.session.destroy(function (err) {
        req.user = null;
        res.redirect('/'); //Inside a callback… bulletproof!
      });
    });
Reason: we need to remove it from req (PassportJS also does this, but in an async way) because there is no use for the user data after logout; this will even save memory, and PassportJS might also find the user data and create a new session and redirect (but this has not happened yet). By the way, it is our responsibility to remove irrelevant things. PassportJS assigns data to req.user after login and also removes it if we use req.logout(), but it may not work properly sometimes, as NodeJS is asynchronous in nature.
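
An added example (not from any of the posts above) of the timing problem these answers describe: a redirect sent before the store has deleted the session, next to a handler that returns 401 to unauthenticated callers and responds only inside the destroy callback. It runs against constructed mock objects instead of Express; `makeStore`, `simulate`, `logoutRacy` and `logoutSafe` are hypothetical names.

```javascript
// Constructed stand-ins for a session store and Express req/res (not real Express objects).
function makeStore() {
  const sessions = new Map([['sid-1', { user: 'alice' }]]);
  const pending = [];
  return {
    sessions,
    // Deletion is deferred, like a store that talks to Redis or a database.
    destroy(sid, cb) { pending.push(() => { sessions.delete(sid); cb(null); }); },
    flush() { while (pending.length) pending.shift()(); },
  };
}

// Racy: the redirect goes out while the store still holds the session.
function logoutRacy(req, res) {
  req.session.destroy(() => {});
  res.redirect('/');
}

// Safe: 401 for anonymous callers; respond only after the store confirms deletion.
function logoutSafe(req, res) {
  if (!req.isAuthenticated()) return res.sendStatus(401);
  req.session.destroy((err) => {
    if (err) return res.sendStatus(500);
    req.user = null;
    res.clearCookie('connect.sid'); // express-session's default cookie name
    res.redirect('/');
  });
}

// Runs a handler against the mocks and records what was true when the response was sent.
function simulate(handler, authenticated = true) {
  const store = makeStore();
  const out = { status: null, location: null, cookieCleared: false, sessionAliveAtResponse: null };
  const respond = (status, location) => {
    Object.assign(out, { status, location, sessionAliveAtResponse: store.sessions.has('sid-1') });
  };
  const req = {
    user: authenticated ? { name: 'alice' } : null,
    isAuthenticated() { return this.user !== null; },
    session: { destroy: (cb) => store.destroy('sid-1', cb) },
  };
  const res = {
    sendStatus: (code) => respond(code, null),
    redirect: (location) => respond(302, location),
    clearCookie: (name) => { out.cookieCleared = name === 'connect.sid'; },
  };
  handler(req, res);
  store.flush(); // the store finishes its work after the handler has returned
  return out;
}
```

If the session cookie was set with a custom name, path or domain, pass the same values to `res.clearCookie`.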