I am using express, express-session and passport in my node.js application and have issues when performing an auto logout.
initialization:
// Session lifetime: one hour, in milliseconds. This is the cookie maxAge that drives the "auto logout".
const SESSION_MAX_AGE_MS = 60 * 60 * 1000;

expressapp.use(
  session({
    // NOTE(review): redacted in this listing. Load the real signing secret from configuration
    // kept outside the source tree, so it is never committed with the code.
    secret: '****',
    resave: true,
    saveUninitialized: false,
    // NOTE(review): only maxAge is set here. Decide `secure` and `sameSite` for the session
    // cookie explicitly once the site is served over HTTPS.
    cookie: { maxAge: SESSION_MAX_AGE_MS }
  })
);

// Order matters: passport.session() is registered after session().
expressapp.use(passport.initialize());
expressapp.use(passport.session());
my logout code:
// Profile view. isLoggedIn runs first, so this handler only executes when it calls next().
expressapp.get('/profile/', isLoggedIn, (req, res) => {
  logger.info('get profile view!');
  res.render('profile');
});
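// Logout: destroys the server-side session and expires the browser's session cookie.
// NOTE(review): this is a state-changing GET, so a cross-site link or a prefetch can end a
// user's session. Consider POST with CSRF protection once the client can send it.
expressapp.get('/logout', function (req, res, next) {
  logger.info('logging out..');
  req.session.destroy(function (err) {
    if (err) {
      // Do not redirect as if logout had succeeded while the session may still be in the store.
      return next(err);
    }
    // 'connect.sid' is express-session's default cookie name; the session() options set no `name`.
    res.clearCookie('connect.sid');
    res.redirect('/');
  });
});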
// Both targets are hash routes, so the browser lands on '/' and the client-side router picks the view.
const loginRedirects = {
  successRedirect: '/#!/profile',
  failureRedirect: '/#!/login'
};

// Credentials are checked by the passport strategy registered under the name 'login'.
// NOTE(review): confirm that the installed passport release regenerates the session ID on
// successful login (session fixation defence); that is not visible in this listing.
expressapp.post('/login', passport.authenticate('login', loginRedirects));
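/**
 * Route guard: passes authenticated requests on and renders the login view for all others.
 *
 * @param {object} req - Express request; `req.isAuthenticated()` is supplied by passport.
 * @param {object} res - Express response.
 * @param {Function} next - Called only when the request is authenticated.
 * @returns {*} The result of `next()` when authenticated, otherwise undefined.
 */
function isLoggedIn(req, res, next) {
  // Anything served behind this guard depends on the current session state. Without this header
  // the browser may answer a later visit from its HTTP cache, so a logged-out user still sees the
  // profile and the server never runs this check (no log lines).
  // NOTE(review): if the stale view comes from a client-side template cache instead (the '/#!/'
  // URLs suggest a single-page router), the client must also drop its cached view on logout.
  res.set('Cache-Control', 'no-store');

  if (req.isAuthenticated()) {
    logger.info('authenticated!');
    return next();
  }

  // The login view is rendered at the protected URL with the default status, as before.
  logger.info('unauthorized!');
  res.render('login');
}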
The issue I now have is this: when I click my logout button, the logout handler is called and I am redirected, but when I go back to the profile page the functions listed above are not called again (no logs are printed), as if the page were still saved somewhere. Only when I reload the site am I redirected to the login page. This does not work for the auto logout, because the page is not reloaded then.
I also tried to call req.logout() in the logout route but with the same result.
How can I force these functions to be called on each click and not on each reload of the site? Where is this information saved?