search

bradtraversy / node_passport_login

Node.js login, registration and access control using Express and Passport
1.74k stars 1.29k forks source link

Logout Does not Work #44

Open colboycolinmeeks opened 5 years ago

colboycolinmeeks commented 5 years ago

I followed the video tutorial and noticed that if you logout and then press the back button, the user is still recognized, when it should be redirected to the Login page. I thought I'd typed in something wrong, so downloaded the project from here, but still get the same problem. Is this an issues with the Passport Local authentication. Seems pretty pointless if something so simple doesn't work. This seems to be an issue others have, but I can't seem to find a definitive solution that works. Any ideas?

Colin

Stephankarl commented 5 years ago

I have literally spend the last 3 days trying to find the problem. My auth work with the /dashboard route, but as soon as I change that to a /:id route it completely hangs when you try to log out.

Would love to see the solution to this, been a couple of sleepless nights for me thinking about it.

But all things considered, thanks for the share!

On Wed, 12 Jun 2019 at 10:35 PM, colboycolinmeeks notifications@github.com wrote:

I followed the video tutorial and noticed that if you logout and then press the back button, the user is still recognized, when it should be redirected to the Login page. I thought I'd typed in something wrong, so downloaded the project from here, but still get the same problem. Is this an issues with the Passport Local authentication. Seems pretty pointless if something so simple doesn't work. This seems to be an issue others have, but I can't seem to find a definitive solution that works. Any ideas?

Colin

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/bradtraversy/node_passport_login/issues/44?email_source=notifications&email_token=AKGWOZFNDIN7VMZOFZP7YK3P2ECUJA5CNFSM4HXJUWIKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4GZCSUNQ, or mute the thread https://github.com/notifications/unsubscribe-auth/AKGWOZEUQKD4OCEXREODLEDP2ECUJANCNFSM4HXJUWIA .

-- Global Pilot

colboycolinmeeks commented 5 years ago

After trying many, many suggestions, I decided to attack it from a different side. I'm guessing that hitting the [Back] button is pulling the page from the cache, so I figured the best way to fix the problem is to prevent pages being cached. I added this:

app.use((req, res, next) => { res.set('Cache-Control', 'no-store, no-cache, must-revalidate, private') next() })

just after

const app = express();

Now when I hit the back button after logging out, I get the login page again and the error message "Please log in to view this resource"

Hope this is of some help

Colin

inspiretk commented 4 years ago

In file: node_passport_login/config/auth.js, you can add this line: res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0') // no caache so when logged out, cant browser back button to reload page, forces reload

This does what your code does, but only for pages that needs authorization. The rest of your site can be used as normal cache.

See below

module.exports = {
  ensureAuthenticated: function(req, res, next) {
    if (req.isAuthenticated()) {
      res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0') // no caache so when logged out, cant browser back button to reload page, forces reload
      return next();
    }
    req.flash('error_msg', 'Please log in to view that resource');
    res.redirect('/users/login');
  },
  forwardAuthenticated: function(req, res, next) {
    if (!req.isAuthenticated()) {
      return next();
    }
    res.redirect('/dashboard');      
  }
};
tapan31 commented 1 year ago

I don't get the 'You are now logged out' flash message after logging out. Can anyone help