I'm trying to destroy the cookie on the client side but can't seem to figure out how to. I've tried the few ways that passport and some answers on SO provided but I'm at a loss as to how to clear the actual cookie.
My code so far is:
```javascript
app.get('/logout', function (req, res) {
  sessionStore.destroy(req.sessionID, (err) => {
    if (err) console.log(err);
    req.logout();
    req.session.destroy(function (err) {
      if (err) console.log(err);
      res.status(200).json({ message: 'User Logged Out' });
    });
  });
});
```
I have also tried the `req.logOut();` method.
`req.logout` does not clear the session but instead it clears the login information from the session. An example from my session store after login:

Here you can see that `passport.user` in the `session` JSON holds the value I returned from `serializeUser` (the username). After calling `req.logout` the session store still holds the session but the serialized user information is missing, i.e. I'm not logged in anymore:

If I change my logout route handler to this:

I can see that after logout the session above has disappeared but a new one was created because I landed on the front page and it starts a new session:

Also the `connect.sid` cookie in the browser now holds the new session key.

Now add the `clearCookie`. With logout handler like this one:

the session store is empty after clicking the logout button (notice that no further requests are performed in the example):

and the response headers of the logout request show a cleared cookie:

```
Set-Cookie: connect.sid=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
```

Now, if no further requests are performed to the server (new ones may start a new session even if not logged in) you should not see the `connect.sid` cookie in the browser developer tools anymore.
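
The three steps described in the answer above (clear the login, destroy the session, expire the cookie), combined in one handler. This is an added example, not code from the original post: `makeLogoutHandler` and `runDemo` are hypothetical names, the req/res/store objects are constructed stand-ins, and it assumes Passport 0.6 or later, where `req.logout` takes a callback.

```javascript
// Added example: logout handler combining the three steps from the answer.
// Assumes Passport >= 0.6 (req.logout takes a callback) and express-session defaults.
function makeLogoutHandler({ cookieName = 'connect.sid', cookieOptions = { path: '/' } } = {}) {
  return function logout(req, res, next) {
    // 1. Remove passport.user from the session (login state only).
    req.logout((logoutErr) => {
      if (logoutErr) return next(logoutErr);
      // 2. Delete the session record from the store.
      req.session.destroy((destroyErr) => {
        if (destroyErr) return next(destroyErr);
        // 3. Expire the cookie; name, path (and domain, if set) must match
        //    the options the session cookie was issued with.
        res.clearCookie(cookieName, cookieOptions);
        res.status(200).json({ message: 'User Logged Out' });
      });
    });
  };
}

// Constructed stand-ins for the Express req/res objects and the session store,
// so the handler can be exercised without a running server.
function runDemo() {
  const store = new Map([['sid-123', { passport: { user: 'alice' } }]]);
  const headers = {};
  const req = {
    sessionID: 'sid-123',
    session: {
      passport: { user: 'alice' },
      destroy(cb) { store.delete(req.sessionID); cb(null); },
    },
    logout(cb) { delete req.session.passport.user; cb(null); },
  };
  const res = {
    statusCode: null,
    body: null,
    clearCookie(name, opts) {
      headers['Set-Cookie'] = `${name}=; Path=${opts.path}; Expires=${new Date(0).toUTCString()}`;
      return res;
    },
    status(code) { res.statusCode = code; return res; },
    json(payload) { res.body = payload; return res; },
  };
  let error = null;
  makeLogoutHandler()(req, res, (err) => { error = err; });
  return { error, sessionsLeft: store.size, setCookie: headers['Set-Cookie'], status: res.statusCode, body: res.body };
}

console.log(runDemo());
```

If the session middleware was configured with a custom cookie name, path or domain, pass the same values to `makeLogoutHandler`; otherwise the browser treats the cleared cookie as a different one and keeps the original.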