javascript 如何在快递+护照js中注销时删除cookie?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/33112299/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
how to delete cookie on logout in express + passport js?
提问by romir
I want to "delete cookies on logout". I am not able to do that. I googled for answer and found following ways:
我想“在注销时删除 cookie”。我不能那样做。我用谷歌搜索答案,发现以下方法:
Assign new date of expiration to cookie
res.cookie('connect.sid', '', {expires: new Date(1), path: '/' });
Delete cookie using below lines
res.clearCookie('connect.sid', { path: '/' });
为 cookie 分配新的到期日期
res.cookie('connect.sid', '', {expires: new Date(1), path: '/' });
使用以下行删除 cookie
res.clearCookie('connect.sid', { path: '/' });
I tried both ways individually but they do not delete the cookie.
我分别尝试了两种方法,但它们不会删除 cookie。
Here is my code:
这是我的代码:
routes.js
路由.js
module.exports = function(app, passport, session){
app.get('/', function(req, res)
{
res.render('index.ejs');
});
app.get('/login', function(req,res){
res.render('login.ejs',{message:req.flash('loginMessage')});
});
app.get('/signup',checkRedirect , function(req, res) {
res.render('signup.ejs',{message: req.flash('signupMessage')});
});
app.get('/profile', isLoggedIn, function(req,res) {
res.render('profile.ejs', {
user :req.user
});
});
app.post('/signup', passport.authenticate('local-signup', {
successRedirect : '/profile',
failureRedirect : '/signup',
failureFlash : true
}));
app.post('/login', passport.authenticate('local-login', {
successRedirect : '/profile',
failureRedirect : '/login',
failureFlash :true
}));
app.get('/logout',function(req,res){
res.cookie('connect.sid', '', {expires: new Date(1), path: '/' });
req.logOut();
res.clearCookie('connect.sid', { path: '/' });
res.redirect('/');
});
function isLoggedIn(req, res, next){
if(req.isAuthenticated())
return next();
console.log("hiii");
res.redirect('/');
}
};
};
server.js
服务器.js
var express = require('express');
var app = express();
var port = process.env.PORT || 3000;
var mongoose = require('mongoose');
var passport = require('passport');
var flash=require('connect-flash');
var morgan=require('morgan');
var bodyParser = require('body-parser');
var cookieParser=require('cookie-parser');
//
var session=require('express-session');
var RedisStore = require('connect-redis')(session);
var redis = require("redis");
var redis_client = redis.createClient();
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({extended: true}));
var configDb=require('./config/database.js');
mongoose.connect(configDb.url);
require('./config/passport')(passport);
app.use(morgan('dev'));
app.use(cookieParser());
app.use(bodyParser());
app.set('view engine', 'ejs');
app.use(session({
store: new RedisStore({
host: '127.0.0.1',
port: 6379,
client: redis_client
}),
secret : 'foo',
resave: false,
saveUninitialized: false
}));
app.use(function (req, res, next) {
if (!req.session) {
return next(new Error('oh no')); // handle error
}
next();
});
});
app.use(passport.initialize());
app.use(passport.session());
app.use(flash());
require('./app/routes')(app, passport, session);
app.listen(port, function(){
console.log('server is at port' + port);
});
回答by Sudhanshu Gaur
You can use req.session.destroy in logout route to destroy the session below is the code for reference :)
您可以在注销路由中使用 req.session.destroy 来销毁会话,以下代码供参考:)
app.get('/logout', function(req,res){
req.logOut();
req.session.destroy(function (err) {
res.redirect('/'); //Inside a callback… bulletproof!
});
});
回答by pjiaquan
Please try this:
请试试这个:
router.get('/logout', function (req, res) {
req.logOut();
res.status(200).clearCookie('connect.sid', {
path: '/'
});
req.session.destroy(function (err) {
res.redirect('/');
});
});
回答by Will59
pjiaquan's did not work with chromium for me, the cookie was still around. The issue comes from the res.clearCookie method, as explained in http://expressjs.com/en/api.html:
pjiaquan 对我来说不适合铬,饼干还在。该问题来自 res.clearCookie 方法,如http://expressjs.com/en/api.html 中所述:
Web browsers and other compliant clients will only clear the cookie if the given options is identical to those given to res.cookie(), excluding expires and maxAge.
如果给定的选项与给定给 res.cookie() 的选项相同,Web 浏览器和其他兼容客户端只会清除 cookie,不包括 expires 和 maxAge。
In my case, the solution ended up being:
就我而言,解决方案最终是:
router.get('/logout', function (req, res) {
req.logOut();
res.status(200).clearCookie('connect.sid', {
path: '/',
secure: false,
httpOnly: false,
domain: 'place.your.domain.name.here.com',
sameSite: true,
});
req.session.destroy(function (err) {
res.redirect('/');
});
});
回答by Jeff Lowery
So none of the suggestions here worked for me, until I realized I was doing a dumb:
所以这里的建议都不适合我,直到我意识到我在做一个愚蠢的事情:
Using Github, I set up an OAuth app (you can do this in your profile settings), and used that for authentication.
使用 Github,我设置了一个 OAuth 应用程序(您可以在您的个人资料设置中执行此操作),并将其用于身份验证。
Worked a charm! But it was always sending me back the same profile, even when I logged out from my app. Clearing all browser storage didn't fix it.
发挥了魅力!但它总是给我发回相同的个人资料,即使我从我的应用程序中退出也是如此。清除所有浏览器存储并没有解决它。
Then it dawned on me that I was still logged into my github account (and that was the profile I was always getting)... once I logged out of that, then the OAuth app prompted me for my user/pw again.
然后我突然意识到我仍然登录到我的 github 帐户(这就是我一直得到的配置文件)......一旦我退出那个,然后 OAuth 应用程序再次提示我输入我的用户/密码。