derek

Reputation: 10257

either req.logout() or req.session.destroy() does not work

Update:

It behaves consistently with my actual FB login. When I log out of my Facebook account and then click the "login" button on my website, it redirects me to the Facebook login page and asks me to log in. After that, I come back to the webpage "profile.html" on my website correctly. However, when I click "log out" on my website, it goes to the home page of my website. This time, when I click the "login" button again, it goes directly to "profile.html" on my website. It seems the last "logout" did not work at all. The "logout" can only work when I log out of my Facebook account. So the session used on my website relies on Facebook's session. Very weird!


I am using PassportJS to complete my authentication job. But I found req.logout() or req.session.destroy() does not work at all.

    // route for showing the profile page
    app.get('/login', isLoggedIn, function(req, res) {
        res.render('profile', {
            user : req.user // get the user out of session and pass to template
        });
    });

    // route middleware to make sure a user is logged in
    function isLoggedIn(req, res, next) {
        // if user is authenticated in the session, carry on
        if (req.isAuthenticated()){
            console.log("req is authenticated!");
            return next();
        }

        // if they aren't redirect them to the home page
        res.redirect('/');
    }

    // route for logging out
    app.get('/logout', function(req, res) {
        console.log("logging out!");
        req.logout();
        req.session.destroy();
        res.redirect('/');
    });

When I clicked logout, I could see the "logging out" message. Then I was redirected to the home page. When I clicked login again, I did not see any login window and went directly to the "profile" page. During the process, I did see the "req is authenticated!" message.

My questions:

1: where is "req.isAuthenticated()" from? Why is it always being true?

2: why "req.logout()" or "req.session.destroy()" does not work?

Thanks

Derek

Upvotes: 5

Views: 6281

Answers (1)

Félix Sanz

Reputation: 1892

req.isAuthenticated() is part of passport. Relevant code:

    req.isAuthenticated = function() {
      var property = 'user';
      if (this._passport && this._passport.instance._userProperty) {
        property = this._passport.instance._userProperty;
      }

      return (this[property]) ? true : false;
    };

Checks for the property and returns a boolean.


req.logout() removes the property so it returns false in future requests.


Meanwhile, session.destroy comes from expressjs/session middleware, so it's not passport related. Maybe you are creating the session again in the index page. The question needs more info.

Upvotes: 1
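
Added example, not part of the question or the answer above: a small model of the behaviour described in the question's update, where the site's own session is removed at logout but the next login completes silently because the identity provider still holds its own session. The `provider`, `store`, `makeReq`, `login`, `logout` and `scenario` names are hypothetical stand-ins, and the provider skipping its prompt while signed in is an assumption taken from that update.

```javascript
const store = new Map(); // server-side sessions, standing in for express-session
let nextSid = 0;         // constructed ids; a real store issues unpredictable ones

// Hypothetical identity provider: it keeps its own browser session and
// skips the credential prompt for as long as that session is alive.
const provider = {
  signedIn: new Set(),
  authorize(browser) {
    const prompted = !this.signedIn.has(browser.id);
    this.signedIn.add(browser.id); // credentials entered when prompted
    return { prompted, profile: { id: 'user-1' } };
  },
  signOut(browser) { this.signedIn.delete(browser.id); },
};

// Rebuild req from the browser's cookie, as the session middleware would.
function makeReq(browser) {
  const session = store.get(browser.cookie);
  return {
    user: session && session.user,
    // Same test as the Passport snippet quoted in the answer.
    isAuthenticated() { return this.user ? true : false; },
  };
}

// "Login" button: round-trip through the provider, then open a local session.
function login(browser) {
  const { prompted, profile } = provider.authorize(browser);
  browser.cookie = 'sid-' + (++nextSid);
  store.set(browser.cookie, { user: profile });
  return prompted;
}

// Local logout: drop the server-side record and forget the cookie.
function logout(browser) {
  const removed = store.delete(browser.cookie);
  browser.cookie = null;
  return removed;
}

function scenario() {
  const browser = { id: 'b1', cookie: null };
  const firstPrompt = login(browser);
  const removed = logout(browser);
  const authedAfterLogout = makeReq(browser).isAuthenticated();
  const secondPrompt = login(browser); // provider session still alive
  logout(browser); provider.signOut(browser);
  const thirdPrompt = login(browser);
  return { firstPrompt, removed, authedAfterLogout, secondPrompt, thirdPrompt };
}
```

In this model the local logout does take effect (`isAuthenticated()` is false right after it); the second login skips the prompt only because the provider still recognises the browser, and the prompt returns once the provider session is ended as well.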
