how to delete cookie on logout in express + passport js?

这一生的挚爱 提交于 2020-05-28 05:00:14

问题


I want to delete the session cookie on logout, but I have not been able to. I searched for an answer and found the following approaches:

  1. Assign new date of expiration to cookie

    // Overwrites the connect.sid cookie with an empty value and an expiry of
    // 1 ms after the Unix epoch, which asks the browser to discard it. This only
    // changes the browser's copy of the cookie; it does not touch the session
    // record held on the server.
    res.cookie('connect.sid', '', {expires: new Date(1), path: '/' });

  2. Delete cookie using below lines

    // Sends a Set-Cookie header that expires connect.sid for path '/'.
    // Only the browser's copy is affected: the session stored on the server
    // stays valid until it is destroyed there.
    res.clearCookie('connect.sid', { path: '/' });

I tried both ways individually but they do not delete the cookie.

Here is my code:

routes.js

/**
 * Registers the page, signup/login and logout routes on the Express app.
 *
 * @param {object} app - Express application the routes are attached to.
 * @param {object} passport - Passport instance; its 'local-signup' and
 *   'local-login' strategies handle the two POST routes.
 * @param {*} session - Third argument supplied by the caller; it is not
 *   referenced anywhere in this function.
 */
module.exports = function(app, passport, session){
    // Guard for protected pages: authenticated requests continue, everyone
    // else is logged and sent back to the home page.
    function isLoggedIn(req, res, next){
        if (!req.isAuthenticated()) {
            console.log("hiii");
            res.redirect('/');
            return;
        }
        return next();
    }

    const signupOutcome = {
        successRedirect : '/profile',
        failureRedirect : '/signup',
        failureFlash : true
    };
    const loginOutcome = {
        successRedirect : '/profile',
        failureRedirect : '/login',
        failureFlash : true
    };

    app.get('/', (req, res) => {
        res.render('index.ejs');
    });

    app.get('/login', (req, res) => {
        const loginMessage = req.flash('loginMessage');
        res.render('login.ejs', { message: loginMessage });
    });

    // NOTE(review): checkRedirect is not defined in the code shown here; unless
    // it exists elsewhere, evaluating this line throws a ReferenceError while
    // the routes are being registered.
    app.get('/signup', checkRedirect, (req, res) => {
        const signupMessage = req.flash('signupMessage');
        res.render('signup.ejs', { message: signupMessage });
    });

    app.get('/profile', isLoggedIn, (req, res) => {
        res.render('profile.ejs', { user : req.user });
    });

    app.post('/signup', passport.authenticate('local-signup', signupOutcome));
    app.post('/login', passport.authenticate('local-login', loginOutcome));

    // NOTE(review): this handler only rewrites the cookie and calls
    // req.logOut(); it never calls req.session.destroy(), so the session record
    // kept by the store is left in place. Logging out on a GET request also
    // means any page that makes the browser fetch /logout ends the login;
    // a POST with CSRF protection is the usual choice.
    app.get('/logout', (req, res) => {
        // Both cookie calls queue a Set-Cookie header that expires connect.sid.
        res.cookie('connect.sid', '', { expires: new Date(1), path: '/' });
        req.logOut();
        res.clearCookie('connect.sid', { path: '/' });
        res.redirect('/');
    });
};

server.js

    var express = require('express');
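// server.js: builds the Express app, wires Redis-backed sessions and Passport,
// mounts the routes and starts listening.
var app = express();
var port = process.env.PORT || 3000;
var mongoose = require('mongoose');
var passport = require('passport');
var flash = require('connect-flash');
var morgan = require('morgan');
var bodyParser = require('body-parser');
var cookieParser = require('cookie-parser');
var session = require('express-session');
var RedisStore = require('connect-redis')(session);
var redis = require("redis");
var redis_client = redis.createClient();

// Signing key for the session ID cookie. It is read from the environment so
// that no guessable literal lives in the source, and the process refuses to
// start without it.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
    throw new Error('SESSION_SECRET environment variable is required');
}

// JSON and URL-encoded body parsers, registered once.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));

var configDb = require('./config/database.js');
mongoose.connect(configDb.url);

require('./config/passport')(passport);

app.use(morgan('dev'));
app.use(cookieParser());
app.set('view engine', 'ejs');

// No `name` or `cookie` options are passed, so express-session's defaults
// apply: the cookie is called connect.sid, with path '/' and httpOnly set.
// Any res.clearCookie() call for it has to use the same name and path.
app.use(session({
    store: new RedisStore({
        host: '127.0.0.1',
        port: 6379,
        client: redis_client
    }),
    secret: sessionSecret,
    resave: false,
    saveUninitialized: false
}));

// Fail the request when the session middleware did not attach req.session
// (presumably because the store was unreachable; confirm for your setup).
app.use(function (req, res, next) {
    if (!req.session) {
        return next(new Error('oh no')); // handle error
    }
    next();
});

// Passport must come after the session middleware because passport.session()
// reads the login state from req.session.
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());

require('./app/routes')(app, passport, session);
app.listen(port, function(){
    console.log('server is at port' + port);
});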

回答1:


You can call req.session.destroy in the logout route to destroy the session. The code below is for reference :)

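// Logout route: drop the Passport login, then destroy the server-side session
// and redirect only once the store has reported the outcome.
// NOTE(review): newer Passport releases make req.logOut() asynchronous and
// expect a callback; confirm against the installed version.
app.get('/logout', function (req, res, next) {
    req.logOut();
    req.session.destroy(function (err) {
        if (err) {
            // Do not report a successful logout when the session could not be
            // removed from the store; hand the error to Express instead.
            return next(err);
        }
        res.redirect('/');
    });
});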



回答2:


Please try this:

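// Logout route: drop the Passport login, destroy the server-side session,
// then expire the browser's session cookie and redirect home.
// NOTE(review): newer Passport releases make req.logOut() asynchronous and
// expect a callback; confirm against the installed version.
router.get('/logout', function (req, res, next) {
  req.logOut();
  req.session.destroy(function (err) {
    if (err) {
      // A failed destroy means the session may still be usable; surface the
      // error rather than redirecting as if logout had succeeded.
      return next(err);
    }
    // The cookie is cleared only after the store entry is gone. No explicit
    // status is set here because res.redirect() sets its own.
    res.clearCookie('connect.sid', {
      path: '/'
    });
    res.redirect('/');
  });
});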



回答3:


So none of the suggestions here worked for me, until I realized I was doing a dumb:

Using Github, I set up an OAuth app (you can do this in your profile settings), and used that for authentication.

Worked a charm! But it was always sending me back the same profile, even when I logged out from my app. Clearing all browser storage didn't fix it.

Then it dawned on me that I was still logged into my github account (and that was the profile I was always getting)... once I logged out of that, then the OAuth app prompted me for my user/pw again.




回答4:


pjiaquan's did not work with chromium for me, the cookie was still around. The issue comes from the res.clearCookie method, as explained in http://expressjs.com/en/api.html:

Web browsers and other compliant clients will only clear the cookie if the given options is identical to those given to res.cookie(), excluding expires and maxAge.

In my case, the solution ended up being:

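// Logout route: drop the Passport login, destroy the server-side session,
// then expire the browser's session cookie with explicit cookie attributes.
// NOTE(review): newer Passport releases make req.logOut() asynchronous and
// expect a callback; confirm against the installed version.
router.get('/logout', function (req, res, next) {
  req.logOut();
  req.session.destroy(function (err) {
    if (err) {
      // A failed destroy means the session may still be usable; surface the
      // error rather than redirecting as if logout had succeeded.
      return next(err);
    }
    // These attributes have to mirror how the session cookie was issued (see
    // the Express res.clearCookie() documentation). The values are the answer
    // author's: replace the domain with your own, and do not read
    // httpOnly: false / secure: false as advice for configuring the session
    // cookie itself.
    res.clearCookie('connect.sid', {
      path: '/',
      secure: false,
      httpOnly: false,
      domain: 'place.your.domain.name.here.com',
      sameSite: true,
    });
    res.redirect('/');
  });
});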


来源:https://stackoverflow.com/questions/33112299/how-to-delete-cookie-on-logout-in-express-passport-js
