Clearing sessions in mongodb, expressjs, nodejs
Solution 1
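If you want to fully clear the user's session on logout, call `req.session.destroy()` from your `everyauth.everymodule.handleLogout` function. Calling `req.logout()` clears only `req.session.auth`; any other data stored on the session survives. Destroying the session also removes it from the session store, so the old session ID can no longer be used.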
Solution 2
Why is it creating a new session in the Mongo store? Is there any way to prevent that when I am redirected to the login page again? – loneranger Jun 7 '15 at 5:43
There's a `saveUninitialized` option that prevents a session from being saved if it does not contain any data.
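// Session middleware backed by MongoDB.
// The signing secret is read from the environment rather than hard-coded:
// a literal such as 'secret123' committed to source control lets anyone who
// has read the code produce validly signed session cookies.
// SESSION_SECRET is an example variable name; use whatever your deployment defines.
const sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  // Fail at startup instead of running with an undefined secret.
  throw new Error('SESSION_SECRET must be set');
}

app.use(session({
  secret: sessionSecret,
  store: new MongoStore({
    mongooseConnection: mongoose.connection,
    ttl: 60 * 30, // half hour
  }),
  // Do not persist a session until something has been written to it, so a
  // request that carries no session data (such as the redirect back to the
  // login page) does not add a record to the store.
  saveUninitialized: false,
}));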
Comments
-
Rajat almost 2 years
My configuration:
// Express configuration from the question: one block of shared middleware,
// followed by environment-specific blocks for 'dev' and 'production'.
// NOTE(review): nothing in this snippet destroys the session on logout or sets
// an expiry on stored sessions, which is consistent with the store only growing.
app.configure(function(){
  app.set('views', __dirname + '/views');
  app.set('view engine', 'jade');
  app.use(express.bodyParser());
  // Registered before the session middleware — presumably so the session
  // cookie has been parsed by the time express.session() runs.
  app.use(express.cookieParser());
  app.use(express.session({
    // NOTE(review): 'MY SECRET' looks like a redacted placeholder. The real
    // value signs session cookies and should come from configuration, not source.
    secret: 'MY SECRET',
    store: new MongoStore({
      db: 'MY SESSION DB',
      host: 'localhost',
      // NOTE(review): 88888 is above the maximum TCP port (65535) — presumably
      // a typo or a redacted value; confirm against the real configuration.
      port:88888
    })
  }));
  // everyauth is mounted after the session middleware and before the router.
  app.use(everyauth.middleware());
  app.use(express.methodOverride());
  app.use(app.router);
});

app.configure('dev', function(){
  // Verbose error output (exception dump and stack trace) is enabled only in
  // this 'dev' block; the production block below passes no options.
  app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
  // appPort and config are not declared in this snippet — presumably defined elsewhere.
  appPort = config.port; //Setting PORT to 8888 in dev mode.
  app.use('/public', express.static(__dirname + '/public'));
});

app.configure('production', function(){
  app.use(express.errorHandler());
  appPort = config.port;
  //Set cache-header-expires to 1 day
  var oneDay = 86400000; // 24 * 60 * 60 * 1000 milliseconds
  //app.use('/public', express.static(__dirname + '/public'));
  app.use('/public',express.static(__dirname + '/public', { maxAge: oneDay }));
});
Now, I have a 'logout' link which goes to /logout on my app.
AFAIK, Express automatically takes care of clearing sessions on logout, but with my config I don't think it is doing that. For example, a custom variable attached to the session, `req.session.custom`, still holds its value after logout. However, `req.session.auth` is cleared after logout.
The number of session objects in my MongoDB store only increases over time. I am using everyauth as well.
What am I missing or doing wrong?