I use the passport-google-oauth
module to authenticate users on a web application I built using Express.js
. The logout event is handled this way:
app.get('/logout', function(req, res) {
console.log("logged out!");
req.logout();
res.redirect('/');
});
While this does redirect the user to the login page (at /
), I'm not sure it really logs him out. After clicking on logout, when I open Gmail
in a new tab, I remain logged in there (and no, I hadn't logged into Gmail
earlier). How can I fix this? Also, what does req.logout()
do to log the user out?
This is perfectly normal. When a user logs in to your application with his Google Account, he also logs in to all Google Services.
req.logout()
only destroys the session that was created by Passport when the user logged in. That session was only linked to your application, not to the entire user's Google Profile.
If you want to log out the user from his Google Account as well, you'll have to redirect him to https://accounts.google.com/logout
via a click on a button or something like that.
But this is very a debated policy, because, if you were already logged in to gmail, YouTube etc..., you would be logged out from all Google services at the same time. Pretty annoying.
For more information, check out this great answer by jmort253.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With