I'm interesting to close (logout/sign out) all the user sessions in nodeJS.
req.logout() is closing only the current session of the user. But for my security panel I want to add the option to close ALL the user sessions. How can I do this?
I'm using MEAN.JS framework. With passport.js library and mongoDB to save the sessions:
// Express MongoDB session storage
app.use(session({
saveUninitialized: true,
resave: true,
secret: config.sessionSecret,
cookie: {
maxAge: 15778476000,
httpOnly: true,
secure: false
},
key: 'sessionId',
store: new mongoStore({
db: db.connection.db,
collection: config.sessionCollection
})
}));
Thank you very much.
Using connect-mongo, the userId is saved inside a String in mongoDB in sessions collection:
{
"_id" : "J6fsgZ4d1zKp31ml1MRm18YCdlyhvce-",
"session" : "{\"cookie\":{\"originalMaxAge\":15778475958,\"expires\":\"2016-05-17T23:47:27.301Z\",\"secure\":false,\"httpOnly\":true,\"path\":\"/\"},\"passport\":{\"user\":\"56420a5a8c6601ce29bbd1c1\"}}",
"expires" : ISODate("2016-05-17T12:48:22.049Z")
}
Finally, I use this code to remove all his sessions:
var mongoose = require('mongoose'),
Schema = mongoose.Schema,
Session = mongoose.model('Session', new Schema(), 'sessions');
exports.signoutAllSessions = function(req, res) {
var socketio = req.app.get('socketio');
var userId = req.user.id;
var filter = {'session':{'$regex': '.*"user":"'+userId+'".*'}};
req.logout();
res.redirect('/');
Session.remove(filter,function(err,data){
socketio.sockets.to(userId).emit('user.logout');
});
};
And an API route call this method.
来源:https://stackoverflow.com/questions/33740117/nodejs-logout-all-user-sessions