Correct logOut using Passport. ClearCookie doesn't delete cookies.
I’m using PassportJS and this code for logout:

```js
.get("/logout", async (req, res) => {
  await req.logout();
  req.session = null;
  await res.clearCookie(process.env.PROJECT_TITLE.toLowerCase());
  await res.clearCookie(`${process.env.PROJECT_TITLE.toLowerCase()}.sig`);
  return res.redirect("/");
});
```
It just changes the cookies but doesn’t delete them. Why?
It does delete them if I use just this code:
```js
.get("/logout", async (req, res) => {
  await res.clearCookie(process.env.PROJECT_TITLE.toLowerCase());
  await res.clearCookie(`${process.env.PROJECT_TITLE.toLowerCase()}.sig`);
  return res.redirect("/");
});
```
Where am I wrong?
Issue Analytics
- State:
- Created 5 years ago
- Comments:40 (20 by maintainers)
Top GitHub Comments
This is an example remix that will do the `req.logout()` and clear the cookie in your logout route: https://glitch.com/edit/#!/tiny-chinchilla

Hi @frederikhors

correct, that was the only change in my remix.

The issue I’m seeing is that `req.logout` is altering the session, which is why the session is getting updated in your logout request.

I’m not very familiar with passport. Maybe can you explain exactly what `req.logout` is doing apart from altering `req.session`? We may be able to determine this by understanding the specifics of what `req.logout` does.

But what I found is that the cookie is getting set on your logout because of the following:

(1) `req.logout` alters the `req.session` object, so a need to set the cookie is noted by this module

(2) the code calls `clearCookie`, which has nothing to do with this module and this module has no idea your code did that. Clearing a cookie is just setting a cookie with an expiration date in the past

(3) the response ends and this module sees that (a) the `req.session` object was changed, thus it knows it needs to set the new value and (b) `req.session.save()` hasn’t been called, so it will automatically save the changes for you

So it seems like you have one of two options:

(a) don’t touch the `req.session` if you don’t want a new value to be saved in the cookie (this is why I commented out `req.logout()`)

OR

(b) call `req.session.save()` to explicitly save the changes to the session that `req.logout()` made and then do the clear cookie calls.

I hope that helps 👍
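The sequence described in the comment above can be reproduced without Express. The following is an added example, not code from the thread or from the session module: it models a browser cookie jar by name and path only, and the cookie name `myapp` and every header value are constructed. The same jar check can back a logout test that asserts no session cookie survives the response.

```javascript
// Added example. Minimal model of a browser cookie jar (name + path only,
// no Domain handling). All header values are constructed samples.
function parseSetCookie(header, now) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: "/", expires: Infinity };
  let maxAge = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const val = i === -1 ? "" : attr.slice(i + 1);
    if (key === "path") c.path = val;
    if (key === "expires") c.expires = Date.parse(val);
    if (key === "max-age") maxAge = Number(val);
  }
  if (maxAge !== null) c.expires = now + maxAge * 1000; // Max-Age wins over Expires
  return c;
}

// Headers are applied in order: a later header for the same name and path
// replaces the earlier one, and an expiry in the past removes the cookie.
function applySetCookies(jar, headers, now = Date.now()) {
  for (const header of headers) {
    const c = parseSetCookie(header, now);
    const key = `${c.name};${c.path}`;
    if (c.expires <= now) jar.delete(key);
    else jar.set(key, c.value);
  }
  return jar;
}

// The header shape res.clearCookie() produces: empty value, expiry in the past.
const clear = (name) => `${name}=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;

// Case from the thread: the route clears both cookies, then the session
// middleware writes them again at response end because req.session changed.
const sessionTouched = [clear("myapp"), clear("myapp.sig"),
  "myapp=new-session-value; Path=/; HttpOnly", "myapp.sig=new-sig; Path=/; HttpOnly"];
// Option (a) from the thread: the route clears the cookies and leaves req.session alone.
const sessionUntouched = [clear("myapp"), clear("myapp.sig")];

// Cookie jar of a logged-in browser after it receives the logout response.
function jarAfterLogout(headers) {
  const jar = new Map([["myapp;/", "old-session-value"], ["myapp.sig;/", "old-sig"]]);
  return applySetCookies(jar, headers);
}

console.log("session touched:  ", [...jarAfterLogout(sessionTouched).keys()]);
console.log("session untouched:", [...jarAfterLogout(sessionUntouched).keys()]);
```
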