How to destroy session?

Question

I wanna be able to destroy a session after the user logs out. At the moment it's not working as expected. The session doesn't get destroyed.

I'm able to print the console.log() from the logout route.

That's the code I've used so far:

Frontend

const handleLogout = async (e) => {
    e.preventDefault();
    try {
      await fetch("http://localhost:4000/logout", {
        method: "GET",
      });
    } catch (error) {
      console.error(error.message);
    }
  };

Backend

app.get("/logout", (req, res) => {
  req.session.destroy((err) => {
    if (err) {
      return console.log(err);
    }
    res.send("logged out");
    console.log("logged out");
  });
});

I don't know if this helps but here is the session:

P.S. I'm using react, node, express and express-session.

Thanks in advance!

You should either handle the express response to delete the cookie or do it from the web app. If you are not using cookies you have to delete the localStorage key from the front end code. — Antonio Pantano, Nov 24 '21 at 19:23
What's the express response? And how can I use it to delete the session? — Nevzat, Nov 24 '21 at 22:41
https://stackoverflow.com/questions/27978868/destroy-cookie-nodejs — Antonio Pantano, Nov 24 '21 at 22:45

score 1 · Answer 1 · answered Nov 24 '21 at 23:00

req.session.destory() removes the session id from the server-side session store and that will render the client logged out since the session id is removed from the server-side session store and can no longer match the client cookie on future requests. It does not, however, remove the now-orphaned session cookie from the browser.

To do that, you need a res.clearCookie(cookieName) before you do the res.send("logged out"); where you target the name of whatever your session cookie is. That will send the proper header with the response to tell the browser to clear that cookie.

How to destroy session?

1 Answers1