req.session is null but cookies are not destroyed

I use cookie-session in my Express server, which uses Parse Server. I also have a React web app that does GET/POST requests to the server. This is how I set it up:

app.use(cookieSession({
  name: 'parse-session',
  secret: "SECRET_SIGNING_KEY",
  maxAge: 15724800000
}));

and this is how I save user information at login:

req.session.user = user;    
req.session.token = user.getSessionToken(); 

It works well, because when I call the REST API:

request({
  uri: 'http://myapi.com/parse/users/me',
  headers: {
    'X-Parse-Application-Id': 'my-app-id',
    'X-Parse-Session-Token': req.session.token
  },
  json: true
}).then((userData) => {
  console.log(userData);
}).catch((error) => {
  console.log(`User do not exist: ${error}`);
});

it gives me userData. The problem is at logout, because I do this:

if (req.session) {
  req.session = null;
}

It sets the session to null, but if I try to do the request above, using it in React to call the Express server:

fetch('/user', { credentials: 'include' })
  .then((response) => {
    return response.json();
  })
  .then((body) => {
    if (body.user) {
      console.log('vv', body.user);
      this.setState({ logIn: true });
    } else {
      console.log('vv', body);
    }
  })
  .catch((error) => {
    console.log('My error:', error);
  });

req.session.token continues to exist. Is there a way to delete the cookie when setting req.session = null? Because the only way to delete the session token is when I delete the history in the browser.

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 16 (8 by maintainers)

Top GitHub Comments

3 reactions
tnbao commented, Aug 17, 2018

Add res.end(); after req.session = null;

0 reactions
tiomno commented, Aug 27, 2020

For those using Apollo Server + Express, I tricked the browser by sending an empty session back to it. ^^

This is my logout mutation resolver:

logout: async (_, __, req) => { // I pass req as the resolvers context
  if (!req.session.user) {
    throw new Error('User already logged out!')
  }

  // Destroying the session as so `req.session = null` doesn't trigger the Setter for 'session'
  req.session.user = null
  req.session.token = null

  return true
},

BTW, checking the code in node_module I see it’s different from GitHub latest version. Why isn’t npm pulling the latest version of this package?
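
Added example (not part of the issue or its comments, and not the cookie-session project's code): a logout handler that clears the cookie-session cookie, which only happens once the response is finished, and also revokes the Parse session token server-side so the token inside a previously copied cookie is no longer accepted by Parse. `makeLogoutHandler`, `revokeParseSession` and the `/logout` route are hypothetical names; the Parse URL and app id are the ones from the question.

```javascript
// Added example: Express-style logout handler for the cookie-session setup above.
// PARSE_URL and APP_ID reuse the values shown in the question.
const PARSE_URL = 'http://myapi.com/parse';
const APP_ID = 'my-app-id';

// Hypothetical helper: revoke the session token on the Parse side through the
// Parse REST logout endpoint, so the token is dead even if the cookie was copied.
async function revokeParseSession(token, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(`${PARSE_URL}/logout`, {
    method: 'POST',
    headers: {
      'X-Parse-Application-Id': APP_ID,
      'X-Parse-Session-Token': token,
    },
  });
  if (!res.ok) throw new Error(`Parse logout failed: HTTP ${res.status}`);
}

// revoke is injectable so the handler can be exercised without a network.
function makeLogoutHandler(revoke = revokeParseSession) {
  return async function logout(req, res) {
    const token = req.session && req.session.token;
    let revoked = false;
    if (token) {
      try {
        await revoke(token);
        revoked = true;
      } catch (err) {
        console.error('session token not revoked:', err.message);
      }
    }
    // cookie-session expires the cookie only when the response headers are
    // written, so clear the session AND finish the response on every path.
    req.session = null;
    // 502 tells the client the cookie is gone but the Parse token may still be live.
    res.status(token && !revoked ? 502 : 204).end();
    return revoked;
  };
}

// Wiring (assumed route name): app.post('/logout', makeLogoutHandler());
```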
