Why is PassportJS in Node not removing session on logout

Question

I am having trouble getting my system to log out with PassportJS. It seems the logout route is being called, but its not removing the session. I want it to return 401, if th

Answer 1

In my case, using a callback passed to req.session.destroy helped only some of the time and I had to resort to this hack:

req.session.destroy();
setTimeout(function() {
    res.redirect "/";
}, 2000);

I don't know why that's the only solution that I've been able to get to work, but unfortunately @JulianLloyd's answer did not work for me consistently.

It may have something to do with the fact that my live login page uses SSL (I haven't been able to reproduce the issue on the staging site or my localhost). There may be something else going on in my app too; I'm using the derby-passport module since my app is using the Derby framework, so it's difficult to isolate the problem.

It's clearly a timing issue because I first tried a timeout of 100 ms, which wasn't sufficient.

Unfortunately I haven't yet found a better solution.