Why is PassportJS in Node not removing session on logout

Question

I am having trouble getting my system to log out with PassportJS. It seems the logout route is being called, but its not removing the session. I want it to return 401, if th

Answer 1

I was recently having this same issue and none of the answers fixed the issue for me. Could be wrong but it does seem to have to do with a race condition.

Changing the session details to the options below seems to have fixed the issue for me. I have tested it about 10 times or so now and everything seems to be working correctly.

app.use(session({
    secret: 'secret',
    saveUninitialized: false,
    resave: false
}));

Basically I just changed saveUninitialized and resave from true to false. That seems to have fixed the issue.

Just for reference I'm using the standard req.logout(); method in my logout path. I'm not using the session destroy like other people have mentioned.

app.get('/logout', function(req, res) {
    req.logout();
    res.redirect('/');
});