-1

I am developing an express application and i need to implement login and logout.

I have created a session using the following code during login.

req.session.login_id = rows[0][0]["login_id"];
req.session.save(function(err) {
  if(err){
    console.log('Error in creating session.')
  }
  else  {
    res.redirect('/profile')
  }
})

But the following doesn't work to clear session:

router.get('/logout',(req,res,next)=>{
  req.session.destroy(function (err) {
    if (!err){
      res.redirect('/')
    }else{
      return next(err)
    }
  })
})
TGrif
  • 5,725
  • 9
  • 31
  • 52
Mathew John
  • 559
  • 6
  • 18
  • 1
    Are you using a module for the session middleware? If so what is it? – Luke Stoward Dec 18 '17 at 10:49
  • Am using express-session – Mathew John Dec 18 '17 at 11:09
  • Could you elaborate on what you mean when you say "doesn't work to clear session". Do you mean it doesn't clear the session on the server? – Luke Stoward Dec 18 '17 at 11:13
  • Once logged in and logged out, we don't need username or password to login the last user. It just logs in once we click login. – Mathew John Dec 18 '17 at 11:47
  • I think it doest clear the session on the server. First, I have logged in and logout using Firefox. Then in chrome i try to login with wrong credentials and it logged into the last user that is logged out from Firefox. – Mathew John Dec 18 '17 at 12:52

1 Answers1

1

I found the answer to the problem...

The issue was in the MySql query were the temporary variable used for login(@login_id) was not initialized and used to contain junk value.

The original query was

SELECT login_id into @login_id from tbl_login WHERE email=in_email AND password=in_password AND status='active';

I changed it to

SET @login_id = NULL; SELECT login_id into @login_id from tbl_login WHERE email=in_email AND password=in_password AND status='yes';

Now @login_id is NULL by default and contains value only if user is valid.

Mathew John
  • 559
  • 6
  • 18