
Clear user from old session on logout.
jaredhanson committed May 18, 2022
1 parent 9cde808 commit c018dea
Showing 1 changed file with 19 additions and 7 deletions.
26 changes: 19 additions & 7 deletions lib/sessionmanager.js
Expand Up @@ -50,15 +50,27 @@ SessionManager.prototype.logOut = function(req, cb) {
console.log('SM: logOut');

var self = this;
req.session.regenerate(function(err) {

// clear the user from the session object and save.
// this will ensure that re-using the old session id
// does not have a logged in user
if (req.session && req.session[this._key]) {
delete req.session[this._key].user;
}

req.session.save(function(err) {
if (err) {
return cb(err);
}

if (req.session && req.session[self._key]) {
delete req.session[self._key].user;
return cb(err)
}
cb && cb();

// regenerate the session, which is good practice to help
// guard against forms of session fixation
req.session.regenerate(function(err) {
if (err) {
return cb(err);
}
cb && cb();
});
});
}
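Review bot: The error branches in the `req.session.save` callback and in the nested `req.session.regenerate` callback call `cb(err)` unguarded, while the success path uses `cb && cb()`. A caller that omits the callback therefore gets a TypeError exactly when the session store fails, which hides the fact that the cleared user was not persisted; `return cb && cb(err);` in both branches would keep the paths consistent. `req.session.save(...)` is also invoked unconditionally although the guard just above it tests `req.session &&`, so either that test is unnecessary or the function should return early when no session exists, e.g. `if (!req.session) { return cb && cb(); }`. As rendered here (the +/- markers are lost, so this is inferred), the new guard reads `this._key`, which would leave `var self = this;` unused on the new side.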
