Open colboycolinmeeks opened 5 years ago
I have literally spend the last 3 days trying to find the problem. My auth work with the /dashboard route, but as soon as I change that to a /:id route it completely hangs when you try to log out.
Would love to see the solution to this, been a couple of sleepless nights for me thinking about it.
But all things considered, thanks for the share!
On Wed, 12 Jun 2019 at 10:35 PM, colboycolinmeeks notifications@github.com wrote:
I followed the video tutorial and noticed that if you logout and then press the back button, the user is still recognized, when it should be redirected to the Login page. I thought I'd typed in something wrong, so downloaded the project from here, but still get the same problem. Is this an issues with the Passport Local authentication. Seems pretty pointless if something so simple doesn't work. This seems to be an issue others have, but I can't seem to find a definitive solution that works. Any ideas?
Colin
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/bradtraversy/node_passport_login/issues/44?email_source=notifications&email_token=AKGWOZFNDIN7VMZOFZP7YK3P2ECUJA5CNFSM4HXJUWIKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4GZCSUNQ, or mute the thread https://github.com/notifications/unsubscribe-auth/AKGWOZEUQKD4OCEXREODLEDP2ECUJANCNFSM4HXJUWIA .
-- Global Pilot
After trying many, many suggestions, I decided to attack it from a different side. I'm guessing that hitting the [Back] button is pulling the page from the cache, so I figured the best way to fix the problem is to prevent pages being cached. I added this:
app.use((req, res, next) => { res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private') next() })
just after
const app = express();
Now when I hit the back button after logging out, I get the login page again and the error message "Please log in to view this resource"
Hope this is of some help
Colin
In file: node_passport_login/config/auth.js, you can add this line: res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0') // no caache so when logged out, cant browser back button to reload page, forces reload
This does what your code does, but only for pages that needs authorization. The rest of your site can be used as normal cache.
See below
module.exports = {
ensureAuthenticated: function(req, res, next) {
if (req.isAuthenticated()) {
res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0') // no caache so when logged out, cant browser back button to reload page, forces reload
return next();
}
req.flash('error_msg', 'Please log in to view that resource');
res.redirect('/users/login');
},
forwardAuthenticated: function(req, res, next) {
if (!req.isAuthenticated()) {
return next();
}
res.redirect('/dashboard');
}
};
I don't get the 'You are now logged out' flash message after logging out. Can anyone help
I followed the video tutorial and noticed that if you logout and then press the back button, the user is still recognized, when it should be redirected to the Login page. I thought I'd typed in something wrong, so downloaded the project from here, but still get the same problem. Is this an issues with the Passport Local authentication. Seems pretty pointless if something so simple doesn't work. This seems to be an issue others have, but I can't seem to find a definitive solution that works. Any ideas?
Colin