How to end a session in ExpressJS

I feel like this has to be buried somewhere in the documentation, but I can't find it.

How do you close or end or kill (whatever) a session in ExpressJS?



Solution 1:[1]

Express 4.x Updated Answer

Session handling is no longer built into Express. This answer refers to the standard session module: https://github.com/expressjs/session

To clear the session data, simply use:

req.session.destroy();

The documentation is a bit useless on this. It says:

Destroys the session, removing req.session, will be re-generated next request.

req.session.destroy(function(err) {
  // cannot access session here
})

This does not mean that the current session will be re-loaded on the next request. It means that a clean empty session will be created in your session store on next request. (Presumably the session ID isn't changing, but I have not tested that.)

Solution 2:[2]

Never mind, it's req.session.destroy();

Solution 3:[3]

The question didn't clarify what type of session store was being used. Both answers seem to be correct.

For cookie-based sessions:

From http://expressjs.com/api.html#cookieSession

req.session = null // Deletes the cookie.

For Redis, etc. based sessions:

req.session.destroy() // Deletes the session in the database.

Solution 4:[4]

From http://expressjs.com/api.html#cookieSession

To clear a cookie simply assign the session to null before responding:

req.session = null

Solution 5:[5]

Session.destroy(callback)

Destroys the session and will unset the req.session property. Once complete, the callback will be invoked.

Secure way:

req.session.destroy((err) => {
  res.redirect('/') // will always fire after session is destroyed
})

Unsecure way:

req.logout();
res.redirect('/') // can be called before logout is done
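
A logout handler along the lines of Solution 5, as an added example that is not part of the original answers: it responds only from inside the destroy callback and also clears the session cookie. The store, request and response objects are constructed stand-ins so the snippet runs without Express; `connect.sid` is express-session's default cookie name and is assumed to be unchanged here.

```javascript
const COOKIE_NAME = 'connect.sid'; // assumption: express-session's default cookie name

// Logout handler: nothing is sent to the client until the store has answered.
function logout(req, res, next) {
  if (!req.session) return res.redirect('/'); // no session to end
  req.session.destroy((err) => {
    if (err) return next(err); // store failed: the session may still be valid
    res.clearCookie(COOKIE_NAME, { path: '/' }); // drop the stale ID from the browser
    res.redirect('/');
  });
}

// Constructed stand-in for a session store; callbacks run only when flush() is called.
function makeStore(failWith) {
  const sessions = new Map();
  const pending = [];
  return {
    sessions,
    destroy(id, fn) {
      pending.push(() => {
        if (failWith) return fn(failWith);
        sessions.delete(id);
        fn(null);
      });
    },
    flush() { while (pending.length) pending.shift()(); },
  };
}

// Constructed request whose session.destroy mirrors the source quoted in Solution 7.
function makeRequest(store, id) {
  store.sessions.set(id, { user: 'alice' });
  const req = { sessionStore: store };
  req.session = { id, destroy(fn) { delete req.session; store.destroy(id, fn); } };
  return req;
}

// Runs one logout and records what the handler sent, and when.
function demo(failWith) {
  const log = [];
  const store = makeStore(failWith);
  const res = { clearCookie: (n) => log.push('clearCookie ' + n), redirect: (u) => log.push('redirect ' + u) };
  logout(makeRequest(store, 'sid-1'), res, (err) => log.push('next ' + err.message));
  const sentBeforeStoreFinished = log.length; // response calls made before the store answered
  store.flush();
  return { log, sentBeforeStoreFinished, stillStored: store.sessions.has('sid-1') };
}

console.log(demo().log);
```

In a real app the handler would be mounted on a POST route, and the options passed to `res.clearCookie` must match the path and domain the session cookie was set with.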

Solution 6:[6]

Use:

delete req.session.yoursessionname;

Solution 7:[7]

To end a server-side session

https://github.com/expressjs/session#sessiondestroycallback

req.session.destroy(function(err) {
  // cannot access session here
})

Note, this is essentially a wrapper around delete req.session as seen in the source code:

https://github.com/expressjs/session/blob/master/session/session.js

defineMethod(Session.prototype, 'destroy', function destroy(fn) {
  delete this.req.session;
  this.req.sessionStore.destroy(this.id, fn);
  return this;
});

To end a cookie-session

https://github.com/expressjs/cookie-session#destroying-a-session

req.session = null;

Solution 8:[8]

You can retrieve the id of a session using req.session.id or req.sessionID and then pass it to req.sessionStore.destroy method like so:

const sessionID = req.session.id;
req.sessionStore.destroy(sessionID, (err) => {
  // callback function. If an error occurs, it will be accessible here.
  if(err){
    return console.error(err)
  }
  console.log("The session has been destroyed!")
})

Reference to the req.sessionStore.destroy method.

Solution 9:[9]

req.session.destroy(); 

The above did not work for me so I did this.

req.session.cookie.expires = new Date().getTime();

By setting the expiration of the cookie to the current time, the session expired on its own.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Brad
Solution 2 Afshin Mehrabani
Solution 3 Blueshirts
Solution 4 stream7
Solution 5 Hasan Sefa Ozalp
Solution 6 jlopez
Solution 7
Solution 8 cani
Solution 9 John Quasar