Open sandrockjustin opened 5 hours ago
Unsure about how to proceed on this, but here's a description of what is working and what is not.
When a user clicks the Logout button we are doing two things: we are using the Passport req.logout() function and we are also using the Express req.session.destroy() function. Parts of this might be redundant but we will understand as we continue to explore it.
Issue: After logging out, the page redirects to /auth/google. However, it appears that Passport is preserving this data (possibly in a cookie) and upon redirect it is automatically forcing a user to log in again. This is not how we want our application to function; the user should be prompted to sign in with Passport again rather than it automatically signing in a user.
Suggested Solution: Experiment with destroying/otherwise deleting the cookie? It's weird, the express-session model is storing this data as a cookie but it seems as though there is another cookie stored in the end-user's browser.
Patchwork solution reached, but it is only a pseudo-fix. We resolved this by forcing a prompt to sign in on any redirect to /auth/google. However, there is an issue of session persistence.
/logout route is deleting the session, user, and cookie successfully.
Suggested Solution: Create a Sessions Schema in our database, which Passport might be changed somehow to interact with? That way Passport isn't storing and persisting sessions that we don't want; instead sessions would be stored in our database with the Sessions model.
Relevant Documentation:
Follow-up issue; on redirects to /auth/google we are receiving a CORS error. The login can only seem to be accessed if we manually enter it as a web address? It seems quite unusual; my theory is that technically our endpoint /auth/google is crossing origins to the Google API.
Internally, our server seems to refuse client requests to access that other origin.
If we force it in the client, however, by circumventing the server request we can just access that endpoint?
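The logout sequence and the forced sign-in prompt discussed in this issue, as an added example that is not part of the original post or the project's code. It assumes Passport 0.6 or later (where req.logout() takes a callback), express-session with its default cookie name, and passport-google-oauth20 as the strategy; the req/res objects are constructed stand-ins so the handler runs without a server.

```javascript
// Added example, not the project's code. Assumptions are noted inline.
const SESSION_COOKIE = 'connect.sid'; // express-session default; change if `name` is set

// Options for passport.authenticate('google', GOOGLE_AUTH_OPTIONS) on /auth/google.
// Google keeps its own login cookie on accounts.google.com, which the app cannot
// clear, so `prompt` asks Google for the account chooser instead of a silent sign-in.
const GOOGLE_AUTH_OPTIONS = { scope: ['profile'], prompt: 'select_account' }; // scope is constructed

// Handler for the /logout route: drop the Passport user, destroy the server-side
// session, then expire the browser's session cookie before redirecting.
function logoutHandler(req, res, next) {
  req.logout((logoutErr) => {
    if (logoutErr) return next(logoutErr);
    req.session.destroy((destroyErr) => {
      if (destroyErr) return next(destroyErr);
      // Path must match the one the cookie was set with, or the browser keeps it.
      res.clearCookie(SESSION_COOKIE, { path: '/' });
      res.redirect('/auth/google');
    });
  });
}

// Constructed stand-ins for Express req/res so the handler can be exercised offline.
function simulateLogout({ failDestroy = false } = {}) {
  const log = [];
  let error = null;
  const req = {
    user: { id: 'constructed-user' },
    logout(cb) { this.user = null; log.push('logout'); cb(); },
    session: {
      destroy(cb) {
        if (failDestroy) return cb(new Error('store unavailable'));
        log.push('destroy');
        cb();
      },
    },
  };
  const res = {
    clearCookie(name, opts) { log.push(`clearCookie:${name}:${opts.path}`); },
    redirect(url) { log.push(`redirect:${url}`); },
  };
  logoutHandler(req, res, (err) => { error = err; });
  return { log, error, user: req.user };
}
```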