passport: req.logout not working with "local strategy"

The req.logout method doesn’t seem to delete the session values when invoked.

I’m using passport-local and cookie-session, with Express.

It looks like similar issues are discussed on StackOverflow.

Any ideas what might be causing the problem?

About this issue

  • State: open
  • Created 10 years ago
  • Comments: 51

Most upvoted comments

Yeah, just figured it out, some other post helped me out with this solution, and it worked for me in conjunction with the comment mentioned. Thanks @MichhDiego 😉

app.use(session({ ... resave: false, .... }));

Follow-up: for me, it appears to have been a dependency issue (possibly deriving from an automated refactoring that didn’t correctly exclude node_modules). I nuked my local node_modules directory, ran npm install, and got a working session logout.

Note that for my tests with jasmine-node and request to work correctly, I had to make sure to supply a request.jar() instance in the jar field of the request object.

Here’s my logout:

// Express middleware function for logging out a user. The action is successful
// if the user is no longer authenticated.
var logout = function (req, res, next) {
  // Get rid of the session token. Then call `logout`; it does no harm.
  req.logout();
  req.session.destroy(function (err) {
    if (err) { return next(err); }
    // The response should indicate that the user is no longer authenticated.
    return res.send({ authenticated: req.isAuthenticated() });
  });
};

This works fine with express@4.10.1, express-session@1.9.1, passport@0.2.1, passport-local@1.0.0. I’m using the connect-pg-simple session store middleware with it, with no issues.

I tried all of the solutions here and just couldn’t get anything to work. No matter what I did, I could not get the user logged out unless I manually deleted the connect.gid cookie.

UNTIL

I changed my /logout route on the server-side from a POST to a DELETE and then it started working. 🤷

I had the same problem too, but the following workaround solved it:

// Express Session
app.use(session({
  secret: 'secret',
  saveUninitialized: false,
  resave: false,
  cookie: { maxAge: 1000 }
}));

Then on the logout route:

router.get('/logout', function (req, res) {
  req.logOut();
  // remove all session data
  req.session = null;
  res.redirect('/login');
});

Cheers.

app.get('/logout', (req, res) => {
  req.logOut(() => {
    res.redirect('/login');
  });
});

In your main app.js file you should configure passport before the auth routes (login, logout). Like this:

app.use(passport.initialize()); // initialize passport
passport.use(new LocalStrategy(User.authenticate()));
passport.serializeUser(User.serializeUser()); // method supported by passport-local mongoose
passport.deserializeUser(User.deserializeUser()); // method supported by passport-local mongoose

app.use('/', indexRouter);
app.use('/access-control', accessControlRouter); // my auth routes

Before, I had it the other way round and I kept getting the same error.

This works:

app.get('/logout', (req, res) => {
  res.clearCookie('Session_name');
  res.redirect('/');
});

But I want to know why req.logout() is not deleting the session.

I came across a similar issue. I forgot to put { withCredentials: true } on the client when the axios request is sent, which caused unexpected session behavior. After that, logout is working right, but don’t expect that the cookie will be deleted. The logout action just ‘invalidates’ the session in the DB (user info will be empty).
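Whether a leftover cookie matters after logout, as raised in the comment above, depends on where the session data lives. The following is an added example, not code from any commenter or from passport, cookie-session or express-session: it models a cookie-only session and a store-backed session using only Node's crypto module, with hypothetical function names and a constructed secret and user.

```javascript
// Added example: models both session styles with Node's crypto only.
// It is not passport, cookie-session or express-session code.
const crypto = require('crypto');
const SECRET = 'constructed-demo-secret'; // constructed value

const sign = (v) => crypto.createHmac('sha256', SECRET).update(v).digest('hex');

// Style 1 (cookie-session-like): the session data itself is the cookie, plus a MAC.
function issueCookieSession(data) {
  const body = Buffer.from(JSON.stringify(data)).toString('hex');
  return `${body}.${sign(body)}`;
}
function readCookieSession(cookie) {
  const [body, mac] = String(cookie || '').split('.');
  if (!body || !mac) return null;
  const a = Buffer.from(mac), b = Buffer.from(sign(body));
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  return JSON.parse(Buffer.from(body, 'hex').toString());
}

// Style 2 (store-backed): the cookie is a random id; the data stays on the server.
const store = new Map();
function issueStoreSession(data) {
  const sid = crypto.randomBytes(16).toString('hex');
  store.set(sid, data);
  return sid;
}
const readStoreSession = (sid) => store.get(sid) || null;

// Log in, keep a second copy of both cookies, log out, then see what still works.
function logoutDemo() {
  const browser = {
    signed: issueCookieSession({ user: 'alice' }),
    sid: issueStoreSession({ user: 'alice' }),
  };
  const staleCopy = { ...browser };   // e.g. a client that never received the cleared cookie
  store.delete(browser.sid);          // store-backed logout: remove the server record
  browser.signed = null;              // cookie-only logout: the server can only clear the cookie
  browser.sid = null;
  return {
    browserSigned: readCookieSession(browser.signed),
    staleSigned: readCookieSession(staleCopy.signed),
    staleStore: readStoreSession(staleCopy.sid),
  };
}

console.log(logoutDemo());
```

In this model the retained copy of the signed cookie still verifies after logout, while the retained session id resolves to nothing once the server record is gone.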

So I am having these issues using Express 4.15.4, passport 0.4.0, passport-oauth2 1.4.0, cookie-session 1.3.1. Symptoms are the same as described above. I have:

app.get('/logout', (req, res) => {
  req.logout();
  res.redirect('/');
});

My / path is protected - if the user is not logged in, it will redirect to login. I added this line to my middleware router:

console.log(req.path, ':', req.isAuthenticated());

In Chrome, I navigated to /, confirmed I was still logged in, then navigated to /logout. I ended up back at / logged in. But interestingly, this is how I got there:

/ : true
/logout : true
/ : false
/login : false
/login/callback : false
/ : true

So it looks like (at least in my case), it is logging me out, but when forwarded to passport.authenticate('oauth2'), I’m automatically logged back in without prompt. Any thoughts? Is this symptom the same for everyone else here?