Clearing sessions in mongodb, expressjs, nodejs


Question

My configuration:

app.configure(function(){
    app.set('views', __dirname + '/views');
    app.set('view engine', 'jade');
    app.use(express.bodyParser());
    app.use(express.cookieParser());
    app.use(express.session({
        secret: 'MY SECRET',
        store: new MongoStore({
            db: 'MY SESSION DB',
            host: 'localhost',
            port:88888
        })
    }));
    app.use(everyauth.middleware());
    app.use(express.methodOverride());

    app.use(app.router);
});

app.configure('dev', function(){
    app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
    appPort = config.port; //Setting PORT to 8888 in dev mode.
    app.use('/public', express.static(__dirname + '/public'));
});

app.configure('production', function(){
    app.use(express.errorHandler());
    appPort = config.port;
    //Set cache-header-expires to 1 day
    var oneDay = 86400000;
    //app.use('/public', express.static(__dirname + '/public'));
    app.use('/public',express.static(__dirname + '/public', { maxAge: oneDay }));
});

Now, I have a 'logout' link which goes to /logout on my app.

AFAIK, express automatically takes care of clearing sessions on logout. But with my config, I dont think its doing that. For example, A custom variable attached to session

req.session.custom

still holds after logout. However,

req.session.auth

is cleared after logout.

The number of session object in my MongoDb store are only incrementing over time. I am using everyauth as well.

What am I missing or doing wrong?

1
6
6/30/2012 12:13:31 PM

Accepted Answer

If you want to fully clear the session for the user on logout you can call req.session.destroy() from your everyauth.everymodule.handleLogout function. Only req.session.auth is cleared when you call req.logout().

14
6/30/2012 12:56:52 PM

Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow
Icon