/persona/logout doesn't appear to delete other custom session values

jbuck / express-persona

Mozilla Persona integration for Express

http://jbuck.github.com/express-persona

BSD 2-Clause "Simplified" License

66 stars 16 forks source link

/persona/logout doesn't appear to delete other custom session values #13

Closed operatorjen closed 10 years ago

operatorjen commented 10 years ago

only req.session.email

jbuck commented 10 years ago

Hm, this would definitely be a change from previous behaviour.

Should this be a configurable option, as in your provide an array of keys you wish to preserve? Or maybe you provide an array of keys you want to delete? That'd be backwards compatible at least. What would make the most sense to you, as a developer? Would you ever want to only delete some session values?

jbuck commented 10 years ago

I think the best way to solve this would be to add a custom logoutResponse that removes the session keys you want to remove