Currently I let my ReactJS client make a request to the /logout endpoint on my NodeJS server in order to destroy the session. It looks like this:router.get("/logout", (req, res) => {req.session.destroy();res.clearCookie('connect.sid');res.status(200).send('User has been logged out');});I use connect-mongodb-session to store the session.However, neither the session get's destroyed (it's still visible in MongoDB) and also the cookie connect.sid remains persistent at the client side.Of course I can also remove the session from the DB 'manually', however, I believe this is not the conventional way of doing it.
Submitted August 25, 2020 at 05:25PM by CryptoScience
No comments:
Post a Comment