Update:
It behaves consistently with my actual FB login. When I log out of my Facebook account and then click the "login" button on my website, it redirects me to the Facebook login page and asks me to log in. After that, I come back to the webpage "profile.html" on my website correctly. However, when I click "log out" on my website, it goes to the home page of my website. This time, when I click the "login" button again, it goes directly to "profile.html" on my website. It seems the last "logout" did not work at all. The "logout" only works when I log out of my Facebook account. So the session used on my website relies on Facebook's session. Very weird!
I am using PassportJS to complete my authentication job. But I found req.logout() or req.session.destroy() does not work at all.
    // route for showing the profile page
    app.get('/login', isLoggedIn, function(req, res) {
        res.render('profile', {
            user : req.user // get the user out of session and pass to template
        });
    });

    // route middleware to make sure a user is logged in
    function isLoggedIn(req, res, next) {
        // if user is authenticated in the session, carry on
        if (req.isAuthenticated()) {
            console.log("req is authenticated!");
            return next();
        }
        // if they aren't, redirect them to the home page
        res.redirect('/');
    }

    // route for logging out
    app.get('/logout', function(req, res) {
        console.log("logging out!");
        req.logout();
        req.session.destroy();
        res.redirect('/');
    });
When I clicked logout, I could see the "logging out" message, and then I was redirected to the home page. When I clicked login again, I did not see any login window and went directly to the "profile" page. During the process, I did see the "req is authenticated!" message.
My questions:
1: Where is "req.isAuthenticated()" from? Why is it always true?
2: Why do "req.logout()" and "req.session.destroy()" not work?
Thanks
Derek
req.isAuthenticated() is part of passport. Relevant code:
    req.isAuthenticated = function() {
        var property = 'user';
        if (this._passport && this._passport.instance._userProperty) {
            property = this._passport.instance._userProperty;
        }
        return (this[property]) ? true : false;
    };
Checks for the property and returns a boolean.
req.logout() removes the property so it returns false in future requests.
Meanwhile, session.destroy comes from expressjs/session middleware, so it's not passport related. Maybe you are creating the session again in the index page. The question needs more info.
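The following is an added example, not part of the original question or answer and not Passport or Express code. It is a small constructed model (all names are hypothetical) of the two independent sessions involved: the local one that `req.logout()` clears, and the provider's own, which in the behaviour the question's update describes signs the user back in without a prompt.

```javascript
// Constructed model; sessionStore, idp, makeReq, profile, login, logout are hypothetical names.
const sessionStore = new Map();          // local app sessions: sid -> { user }
const idp = { loggedInUser: 'derek' };   // provider-side session, separate from the local one

function makeReq(sid) {
  const session = sessionStore.get(sid);
  const req = { sid, user: session ? session.user : undefined };
  // Same check as the snippet quoted in the answer: truthiness of req.user.
  req.isAuthenticated = function () { return this.user ? true : false; };
  // Local logout: drop the user property and the server-side session record.
  req.logout = function () { delete this.user; sessionStore.delete(this.sid); };
  return req;
}

// Guarded profile route, shaped like isLoggedIn in the question.
function profile(sid) {
  const req = makeReq(sid);
  return req.isAuthenticated() ? 'profile:' + req.user : 'redirect:/';
}

// Login round trip: the provider prompts only if it has no session of its own.
function login(sid) {
  const prompted = !idp.loggedInUser;
  if (prompted) return { prompted, page: 'provider-login-form' };
  sessionStore.set(sid, { user: idp.loggedInUser }); // callback creates a fresh local session
  return { prompted, page: profile(sid) };
}

function logout(sid) {
  makeReq(sid).logout();
  return profile(sid);
}

function demo() {
  sessionStore.clear();
  idp.loggedInUser = 'derek';          // constructed starting state
  const sid = 'sid-1';
  const first = login(sid);            // provider session active: silent login
  const afterLogout = logout(sid);     // local session really is gone
  const second = login(sid);           // provider signs the user in again, no prompt
  idp.loggedInUser = null;             // user logs out of the provider as well
  logout(sid);
  const third = login(sid);            // only now does a credential prompt appear
  return { first, afterLogout, second, third };
}
```

In the model, the local logout does take effect (the guarded page redirects to `/`); the user reappears only because the next login round trip creates a new local session from the provider's still-active one.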