My configuration:
    app.configure(function(){
        app.set('views', __dirname + '/views');
        app.set('view engine', 'jade');
        app.use(express.bodyParser());
        app.use(express.cookieParser());
        app.use(express.session({
            secret: 'MY SECRET',
            store: new MongoStore({
                db: 'MY SESSION DB',
                host: 'localhost',
                port: 88888
            })
        }));
        app.use(everyauth.middleware());
        app.use(express.methodOverride());
        app.use(app.router);
    });

    app.configure('dev', function(){
        app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
        appPort = config.port; //Setting PORT to 8888 in dev mode.
        app.use('/public', express.static(__dirname + '/public'));
    });

    app.configure('production', function(){
        app.use(express.errorHandler());
        appPort = config.port;
        //Set cache-header-expires to 1 day
        var oneDay = 86400000;
        //app.use('/public', express.static(__dirname + '/public'));
        app.use('/public', express.static(__dirname + '/public', { maxAge: oneDay }));
    });
Now, I have a 'logout' link which goes to /logout on my app.
AFAIK, express automatically takes care of clearing sessions on logout. But with my config, I don't think it's doing that. For example, a custom variable attached to the session, req.session.custom, still holds after logout. However, req.session.auth is cleared after logout.
The number of session objects in my MongoDB store is only incrementing over time. I am using everyauth as well.
What am I missing or doing wrong?
destroy(callback): Destroys the session and will unset the req.session property. Once complete, the callback will be invoked.
If the user is coming from /logout page, then we show “user logged out!” message. Once the user clicks on /logout we destroy all the session by using req.
Session data is stored server-side. Note: since version 1.5.0, the cookie-parser middleware no longer needs to be used for this module to work. This module now directly reads and writes cookies on req/res.
Most frameworks use their own session management middleware. For example, express, the most popular server framework for Node.js, has the accompanying express-session for session management.
If you want to fully clear the session for the user on logout you can call req.session.destroy() from your everyauth.everymodule.handleLogout function. Only req.session.auth is cleared when you call req.logout().
Why is it creating a new session in the mongo store? Is there any way to prevent it when I am redirected to login again? – loneranger Jun 7 '15 at 5:43
There's a saveUninitialized option to prevent the session from being saved if it does not contain any data.
    app.use(session({
        secret: 'secret123',
        store: new MongoStore({
            mongooseConnection: mongoose.connection,
            ttl: 60 * 30 // half hour
        }),
        saveUninitialized: false
    }));
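The behaviour both answers describe, as an added example that is not part of the original posts and is not express-session or everyauth code: a simplified in-memory model showing that removing only the auth data leaves the custom value in the stored record, and that an empty session is written again on the next request unless saveUninitialized is false. The names ModelStore, openSession, closeSession, logoutAuthOnly, logoutDestroy and simulate are hypothetical, and "new and empty" is used as an approximation of an uninitialized session.

```javascript
// Added example: a simplified in-memory model, not express-session or everyauth code.
const { randomBytes } = require('crypto');
const clone = (o) => JSON.parse(JSON.stringify(o));

class ModelStore {                       // stands in for the MongoDB session collection
  constructor() { this.rows = new Map(); }
  get(sid) { return this.rows.get(sid); }
  set(sid, data) { this.rows.set(sid, clone(data)); }
  destroy(sid) { this.rows.delete(sid); }
}

// Start of request: load the session named by the cookie, or start a new empty one.
function openSession(store, req) {
  const saved = req.sid ? store.get(req.sid) : undefined;
  if (!saved) req.sid = randomBytes(16).toString('hex');
  req.session = saved ? clone(saved) : {};
}

// End of request: persist. A new, still-empty session is written only if saveUninitialized is true.
function closeSession(store, req, saveUninitialized) {
  if (!req.session) return;              // destroyed during this request
  const newAndEmpty = !store.get(req.sid) && Object.keys(req.session).length === 0;
  if (newAndEmpty && !saveUninitialized) return;
  store.set(req.sid, req.session);
}

// Logout variant 1: only the auth data is removed (what the answer says req.logout() does).
function logoutAuthOnly(req) { delete req.session.auth; }
// Logout variant 2: the whole record is deleted, modelling req.session.destroy().
function logoutDestroy(store, req) { store.destroy(req.sid); req.session = null; }

// Login, logout, then one anonymous request that still carries the old cookie.
function simulate(fullDestroy, saveUninitialized) {
  const store = new ModelStore();
  const login = {};
  openSession(store, login);
  login.session.auth = { userId: 'u1' };          // constructed sample data
  login.session.custom = 'draft-order-42';        // constructed sample data
  closeSession(store, login, saveUninitialized);
  const cookieSid = login.sid;
  const logout = { sid: cookieSid };
  openSession(store, logout);
  if (fullDestroy) logoutDestroy(store, logout); else logoutAuthOnly(logout);
  closeSession(store, logout, saveUninitialized);
  const next = { sid: cookieSid };                // redirect to the login page
  openSession(store, next);
  closeSession(store, next, saveUninitialized);
  return { oldRecord: store.get(cookieSid) || null, rows: store.rows.size };
}
```

simulate(false, true) leaves the pre-logout record in the store with the custom value intact; simulate(true, true) deletes it but stores a fresh empty session on the redirect; simulate(true, false) leaves the store empty.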