5

I copy-pasted the passport-local app into my app.

The funny thing is I can log in users, but I can't make them log out:

app.get('/logout', function(req, res){
  req.logout();
  res.redirect('/');
});

This is not doing anything, there is nothing in the log files, and what I have is a link to /logout.

These are the main route examples:

app.get('/page1', function(req, res){
  res.render('page1', {user: req.user});
});

app.get('*', function(req,res){
  res.render('root', {user: req.user});
});

Why is the logout not working?

Nonyck
  • http://passportjs.org/guide/log-out.html explains it, also I tried req.logOut(); and can't logout on local strategy – Nonyck Sep 18 '12 at 10:12
  • The only thing I have different is that I deleted this line, `app.use(app.router);`, because it destroys my bootstrap template – Nonyck Sep 18 '12 at 10:35
  • Come on, I need help, why can't I log out? – Nonyck Sep 18 '12 at 14:24
  • Looks like a duplicate of this question, which does have an answer that may work, though I haven't verified if there are other issues with doing req.session.destroy(): http://stackoverflow.com/questions/13758207/why-is-passportjs-in-node-not-removing-session-on-logout – WallMobile Jun 26 '13 at 02:32

2 Answers

2

Apparently this is a known problem:

Why is PassportJS in Node not removing session on logout

The thread mentioned above suggests using req.session.destroy() instead.

It would be nice to have some feedback from the Passport team directly.

Community
Pensierinmusica
-1

This is still an issue.

What I did was to use req.session.destroy(function (err) {}); on the server side and, on the client side, whenever they log out:

const logout = () => {
    const url = '/users/logout'
    fetch(url)  // ask the server to destroy the session
    setTimeout(function () {
      location.reload();  // reload after 500 ms so the page renders without a session
    }, 500);
}

That way, when refreshing the page, the user is without session. Just make sure you are redirecting to the correct page if no one is authenticated.

Not the best approach, perhaps, but it works.
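
The server-side logout that both answers point to (destroying the session rather than relying on req.logout() alone), as an added example that is not part of the original answers or of Passport's own code. `makeLogoutHandler` and `simulateLogout` are hypothetical names, and the request, response and store objects are constructed stand-ins for Express and express-session so the block runs without dependencies.

```javascript
// Hypothetical helper: a logout handler that destroys the server-side session
// instead of relying on req.logout() alone. 'connect.sid' is express-session's
// default cookie name; pass your own if you changed it.
function makeLogoutHandler(cookieName = 'connect.sid') {
  return function logout(req, res, next) {
    const finish = () => {
      if (!req.session) return res.redirect('/');
      req.session.destroy((err) => {      // remove the record from the store
        if (err) return next(err);
        res.clearCookie(cookieName);      // drop the now-useless cookie
        res.redirect('/');
      });
    };
    if (typeof req.logout !== 'function') return finish();
    // Passport 0.6+ expects a callback; older versions are synchronous.
    if (req.logout.length > 0) {
      return req.logout((err) => (err ? next(err) : finish()));
    }
    req.logout();
    finish();
  };
}

// Constructed stand-ins for Express and express-session (not real objects),
// used to check that the session is gone from the store after logout.
function simulateLogout() {
  const store = new Map([['sid-123', { passport: { user: 42 } }]]);
  const result = { cleared: null, redirectedTo: null, error: null };
  const req = {
    user: { id: 42 },
    logout() { delete this.user; },       // stub of the pre-0.6 synchronous form
    session: {
      destroy(cb) { store.delete('sid-123'); delete req.session; cb(null); },
    },
  };
  const res = {
    clearCookie(name) { result.cleared = name; },
    redirect(path) { result.redirectedTo = path; },
  };
  makeLogoutHandler()(req, res, (err) => { result.error = err; });
  result.sessionInStore = store.has('sid-123');
  result.userAfter = req.user;
  return result;
}

console.log(simulateLogout());
```

In an Express app the handler would be mounted as `app.get('/logout', makeLogoutHandler())`, matching the route in the question.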