Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

passport-google-oauth unable to logout user

I use the passport-google-oauth module to authenticate users on a web application I built using Express.js. The logout event is handled this way:

app.get('/logout', function(req, res) {
    console.log("logged out!");
    req.logout();
    res.redirect('/');
});

While this does redirect the user to the login page (at /), I'm not sure it really logs him out. After clicking on logout, when I open Gmail in a new tab, I remain logged in there (and no, I hadn't logged into Gmail earlier). How can I fix this? Also, what does req.logout() do to log the user out?

like image 981
raul Avatar asked Dec 26 '22 05:12

raul


1 Answers

This is perfectly normal. When a user logs in to your application with his Google Account, he also logs in to all Google Services.

req.logout() only destroys the session that was created by Passport when the user logged in. That session was only linked to your application, not to the entire user's Google Profile.

If you want to log out the user from his Google Account as well, you'll have to redirect him to https://accounts.google.com/logout via a click on a button or something like that.

But this is very a debated policy, because, if you were already logged in to gmail, YouTube etc..., you would be logged out from all Google services at the same time. Pretty annoying.

For more information, check out this great answer by jmort253.

like image 187
Waldo Jeffers Avatar answered Dec 28 '22 07:12

Waldo Jeffers