express-session cookie still exist despite logout

Issue

I have this logout route with expressJS using express-session :

router.post('/logout', (req, res) => {
  req.session.user = null;
  req.session.destroy((err) => {
    if (err) {
      return res.status(400).end();
    } else {
      return res.status(200).end();
    }
  });
});

Although the user is logged out Correctly and the sid changes, The cookie still exists!! which freaking me out.

I want to completely remove the cookie to calm my heart.

This is the config of the express-session package

app.use(
  session({
    store: new MariaDBStore({
      pool: require('./config/db_pool')
    }),
    name: 'sid',
    secret: process.env.KEY,
    saveUninitialized: false,
    resave: false,
    cookie: {
      path: '/',
      httpOnly: true,
      secure: process.env.NODE_ENV === 'development' ? false : true
    }
  })
);

Solution

I git the answer from @Joe comment above and this like

Answer from here

using this close completely removes the cookie.
the options of res.clearCookie are not optional .

  res.clearCookie('sid', { path: '/' });

Answered By – mercury

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published