I have this logout route with expressJS using express-session:
    router.post('/logout', (req, res) => {
      req.session.user = null;
      req.session.destroy((err) => {
        if (err) {
          return res.status(400).end();
        } else {
          return res.status(200).end();
        }
      });
    });
Although the user is logged out correctly and the sid changes, the cookie still exists!! That is freaking me out. I want to completely remove the cookie to calm my heart.
This is the config of the express-session package:
    app.use(
      session({
        store: new MariaDBStore({
          pool: require('./config/db_pool')
        }),
        name: 'sid',
        secret: process.env.KEY,
        saveUninitialized: false,
        resave: false,
        cookie: {
          path: '/',
          httpOnly: true,
          secure: process.env.NODE_ENV === 'development' ? false : true
        }
      })
    );
CodePudding user response:
I got the answer from @Joe's comment above and this link; using this clause completely removes the cookie. The options of res.clearCookie are not optional.
    res.clearCookie('sid', { path: '/' });
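Why the attributes passed to `res.clearCookie` have to match the session cookie, as an added example that is not part of the original question or answer: a browser identifies a cookie by name, domain and path, so an expiring `Set-Cookie` removes only the entry with the same attributes. `SESSION_COOKIE`, `clearingHeader`, `applySetCookie`, `demo` and the host `app.example` are hypothetical names; the cookie store is a simplified model and the sample cookie value is constructed.

```javascript
// Added example with constructed stand-ins; it runs without Express.
const SESSION_COOKIE = { name: 'sid', path: '/' }; // same name/path as the session config

// Build a Set-Cookie header that expires a cookie. Path (and Domain, if one
// was used) must equal the values the cookie was originally set with.
function clearingHeader(name, opts = {}) {
  const parts = [`${name}=`, `Path=${opts.path || '/'}`];
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  parts.push('Expires=Thu, 01 Jan 1970 00:00:00 GMT');
  return parts.join('; ');
}

// Simplified browser cookie store (RFC 6265): identity = name + domain + path.
function applySetCookie(jar, header, host) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = pair.slice(0, eq);
  const a = {};
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const k = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    a[k] = i === -1 ? true : attr.slice(i + 1);
  }
  // Simplification: a missing Path is treated as '/'.
  const key = [name, a.domain || host, a.path || '/'].join('|');
  const expired = 'expires' in a && new Date(a.expires).getTime() <= Date.now();
  if (expired) jar.delete(key);
  else jar.set(key, pair.slice(eq + 1));
  return jar;
}

// Logout in the shape of the question's route: destroy the server-side
// session first, then expire the browser cookie with matching attributes.
function logout(req, res) {
  req.session.destroy((err) => {
    if (err) return res.status(400).end();
    res.clearCookie(SESSION_COOKIE.name, { path: SESSION_COOKIE.path });
    return res.status(200).end();
  });
}

function demo() {
  const jar = new Map();
  const host = 'app.example'; // constructed host
  applySetCookie(jar, 'sid=constructed-value; Path=/; HttpOnly', host);
  applySetCookie(jar, clearingHeader('sid', { path: '/admin' }), host);
  const afterMismatch = jar.size; // cookie survives: the path differs
  applySetCookie(jar, clearingHeader('sid', { path: '/' }), host);
  return { afterMismatch, afterMatch: jar.size };
}
```

If the session cookie is ever configured with a `domain` or a different `path`, the same values have to be passed when clearing it.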