Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

JavaScript

Alexander Solberg
Alexander Solberg
14,350 Points
Posted by Alexander Solberg
Alexander Solberg
14,350 Points

req.session.destroy() bug in Chrome??

Hi there, I stumbled upon a weird issue today when experimenting with express-session and cookies.

I am trying to create a simple user authentication system by expanding upon what we learn here at treehouse, utilizing a lot of the similar code.

The issue is that I have a logout functionality that sends request to this route 

router.get("/logout", (req, res, next) => {
  if (req.session) {
    // delete session
    res.clearCookie("uid");
    res.clearCookie("connect.sid", {path: "/"});
    req.session.destroy(function(err) {
      if (err) {
        return next(err);
      } else {
        return res.redirect("/");
      }
    });
  }
});

When I click logout, the session seems to still be active. In my pug-templates I have content that are only displayed if currentUser exists, and somehow it still exists even though I destroyed the session and cleared the cookies.

currentUser comes from this

// CONFIG
// database connection
mongoose.connect("mongodb://localhost:27017/peril");
var db = mongoose.connection;
// db error checking
db.on("error", console.error.bind(console, "connection error:"));

// use session for tracking logins
app.use(session({
  secret: "a world in peril",
  resave: true,
  saveUninitialized: false,
  store: new MongoStore({
    mongooseConnection: db
  })
}));

// reference user_id in locals variable
// then send to every template
app.use(function(req, res, next) {
  res.locals.currentUser = req.session.userId;
  next();
});

However, this works exactly as it should in both Firefox and Opera, there are no issues at all. And the really weird thing is that it kind of works in chrome too, but it does take 3-4 minutes before all the "data" is cleared and I have to login again to gain access to login-required views.

With Mongo Compass I can clearly see the session clearing the moment I click "logout", yet, the session seem to still persist in Chrome.

So, is this a bug? Or am I doing something wrong or? Anybody know why this only happens in Chrome?

I have the latest version of Chrome, Firefox and Opera.

I have spent a couple of hours now trying to google this without any luck, so I would really appreciate some help if any of you have any idea of what this might be :)