Clearing sessions in mongodb, expressjs, nodejs

Asked 30/6, 2012 at 12:13 Answered 5/3, 2021 at 6:5

Solved node.js mongodb express everyauth

My configuration:

app.configure(function(){
    app.set('views', __dirname + '/views');
    app.set('view engine', 'jade');
    app.use(express.bodyParser());
    app.use(express.cookieParser());
    app.use(express.session({
        secret: 'MY SECRET',
        store: new MongoStore({
            db: 'MY SESSION DB',
            host: 'localhost',
            port:88888
        })
    }));
    app.use(everyauth.middleware());
    app.use(express.methodOverride());

    app.use(app.router);
});

app.configure('dev', function(){
    app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
    appPort = config.port; //Setting PORT to 8888 in dev mode.
    app.use('/public', express.static(__dirname + '/public'));
});

app.configure('production', function(){
    app.use(express.errorHandler());
    appPort = config.port;
    //Set cache-header-expires to 1 day
    var oneDay = 86400000;
    //app.use('/public', express.static(__dirname + '/public'));
    app.use('/public',express.static(__dirname + '/public', { maxAge: oneDay }));
});

Now, I have a 'logout' link which goes to /logout on my app.

AFAIK, express automatically takes care of clearing sessions on logout. But with my config, I dont think its doing that. For example, A custom variable attached to session

req.session.custom

still holds after logout. However,

req.session.auth

is cleared after logout.

The number of session object in my MongoDb store are only incrementing over time. I am using everyauth as well.

What am I missing or doing wrong?

Neurogram answered 30/6, 2012 at 12:13 Comment(0)

If you want to fully clear the session for the user on logout you can call req.session.destroy() from your everyauth.everymodule.handleLogout function. Only req.session.auth is cleared when you call req.logout().

Fosque answered 30/6, 2012 at 12:56 Comment(6)

How can I go about deleting the object in my Mongo session store as well on logout? – Neurogram 30/6, 2012 at 13:26

req.session.destroy() deletes the session object from your store. – Fosque 30/6, 2012 at 14:13

I dont think req.session.destroy() is clearing it. Both before and after logout, count() on the store is 1 when I test. Any clue? – Neurogram 4/7, 2012 at 5:6

Does your logout redirect to a login page? That would then create a new session to replace the one you just destroyed during logout and make it look like nothing changed. – Fosque 4/7, 2012 at 13:47

You are right. Its creating a new one. I check the session id. Thanks for pointing that out. – Neurogram 4/7, 2012 at 18:8

why is it creating a new session in mongo store.Is there any way to prevent it when i am redirected to login again. – Incult 7/6, 2015 at 5:43

why is it creating a new session in mongo store.Is there any way to prevent it when i am redirected to login again. – loneranger Jun 7 '15 at 5:43

There's a saveUninitialized option to prevent the session to be saved if it does not contain any data.

app.use(session({
    secret: 'secret123',
    store: new MongoStore({
        mongooseConnection: mongoose.connection,
        ttl: 60 * 30 // half hour
    }),
    saveUninitialized: false
}));

Sawdust answered 5/3, 2021 at 6:5 Comment(0)

Recommended topics

Hot tags