How to end a session in ExpressJS
Sessionnode.jsExpressSession Problem Overview
I feel like this has to be buried somewhere in the documentation, but I can't find it.
How do you close or end or kill (whatever) a session in ExpressJS?
Session Solutions
Solution 1 - Session
Express 4.x Updated Answer
Session handling is no longer built into Express. This answer refers to the standard session module: https://github.com/expressjs/session
To clear the session data, simply use:
req.session.destroy();
The documentation is a bit useless on this. It says:
> Destroys the session, removing req.session, will be re-generated next request.
> req.session.destroy(function(err) { > // cannot access session here > })
This does not mean that the current session will be re-loaded on the next request. It means that a clean empty session will be created in your session store on next request. (Presumably the session ID isn't changing, but I have not tested that.)
Solution 2 - Session
Never mind, it's req.session.destroy();
Solution 3 - Session
The question didn't clarify what type of session store was being used. Both answers seem to be correct.
For cookie based sessions:
From http://expressjs.com/api.html#cookieSession
req.session = null // Deletes the cookie.
For Redis, etc based sessions:
req.session.destroy // Deletes the session in the database.
Solution 4 - Session
From http://expressjs.com/api.html#cookieSession
To clear a cookie simply assign the session to null before responding:
req.session = null
Solution 5 - Session
Session.destroy(callback)
> Destroys the session and will unset the req.session property. Once complete, the callback will be invoked.
↓ Secure way ↓ ✅
req.session.destroy((err) => {
res.redirect('/') // will always fire after session is destroyed
})
↓ Unsecure way ↓ ❌
req.logout();
res.redirect('/') // can be called before logout is done
Solution 6 - Session
use,
delete req.session.yoursessionname;
Solution 7 - Session
To end a server-side session
https://github.com/expressjs/session#sessiondestroycallback
req.session.destroy(function(err) {
// cannot access session here
})
Note, this is essentially a wrapper around delete req.session as seen in the source code:
https://github.com/expressjs/session/blob/master/session/session.js
defineMethod(Session.prototype, 'destroy', function destroy(fn) {
delete this.req.session;
this.req.sessionStore.destroy(this.id, fn);
return this;
});
To end a cookie-session
https://github.com/expressjs/cookie-session#destroying-a-session
req.session = null;
Solution 8 - Session
You can retrieve the id of a session using req.session.id or req.sessionID and then pass it to req.sessionStore.destroy method like so:
const sessionID = req.session.id;
req.sessionStore.destroy(sessionID, (err) => {
// callback function. If an error occurs, it will be accessible here.
if(err){
return console.error(err)
}
console.log("The session has been destroyed!")
})
Solution 9 - Session
req.session.destroy();
The above did not work for me so I did this.
req.session.cookie.expires = new Date().getTime();
By setting the expiration of the cookie to the current time, the session expired on its own.
Solution 10 - Session
As mentioned in several places, I'm also not able to get the req.session.destroy() function to work correctly.
This is my work around .. seems to do the trick, and still allows req.flash to be used
req.session = {};
If you delete or set req.session = null; , seems then you can't use req.flash