strongloop / loopback-example-passport

LoopBack example for facebook login

logout does not remove or invalidate access_token in cookie #58

Closed sanori closed 8 years ago

sanori commented 8 years ago

Subject says it all.

It seems that req.logout() only removes user profiles. Since the access_token is still valid for the API, the next user can access the previous user's resources.

sanori commented 8 years ago

The code in https://github.com/strongloop/loopback-component-passport/issues/57#issuecomment-140929082 may solve this problem.

jannyHou commented 8 years ago

Closing this as a duplicate; thanks for your understanding. https://github.com/strongloop/loopback-component-passport/issues/57
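The behaviour reported in this issue, and one way to close it, as an added example that is not code from the thread or from the project: a logout handler that revokes the token server-side before calling `req.logout()` and clearing the `access_token` cookie named in the issue title. `makeTokenStore`, `makeLogoutHandler` and `demo` are hypothetical names, and the in-memory store is a constructed stand-in for the application's token model.

```javascript
'use strict';

// Constructed in-memory stand-in for a server-side token model (assumption:
// callback-style findById/destroyById, as on a LoopBack persisted model).
function makeTokenStore() {
  const tokens = new Map();
  return {
    create(id, userId) { tokens.set(id, { id, userId }); },
    findById(id, cb) { cb(null, tokens.get(id) || null); },
    destroyById(id, cb) { cb(null, { count: tokens.delete(id) ? 1 : 0 }); },
  };
}

// Hypothetical logout handler: revoke the token on the server first, then
// drop the session profile and the cookie. Clearing the cookie alone is not
// enough, because a retained copy of the token would still authenticate.
function makeLogoutHandler(tokenStore) {
  return function logout(req, res, next) {
    const tokenId = (req.signedCookies && req.signedCookies.access_token) ||
      (req.cookies && req.cookies.access_token);
    const finish = (err) => {
      if (err) return next(err);
      req.logout(); // removes the user profile only, as the issue reports
      res.clearCookie('access_token');
      res.redirect('/');
    };
    if (!tokenId) return finish();
    tokenStore.destroyById(tokenId, finish);
  };
}

// Constructed request/response objects so the flow can be checked offline.
function demo() {
  const store = makeTokenStore();
  store.create('constructed-token-1', 'user-a');
  const cleared = [];
  const req = {
    signedCookies: { access_token: 'constructed-token-1' },
    user: { id: 'user-a' },
    logout() { this.user = null; },
  };
  const res = { clearCookie: (name) => cleared.push(name), redirect: (p) => { res.location = p; } };
  makeLogoutHandler(store)(req, res, (err) => { throw err; });
  let found;
  store.findById('constructed-token-1', (err, token) => { found = token; });
  return { tokenStillValid: found !== null, cleared, user: req.user, location: res.location };
}
```

After `demo()` the token lookup returns nothing, so a copy of the old cookie value no longer authenticates.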