improved robustness of logout function

2025-12-17 19:46:30 -05:00
1 changed files with 18 additions and 5 deletions
--- a/api/src/routes/auth.ts
+++ b/api/src/routes/auth.ts
@@ -115,11 +115,24 @@ router.get('/callback', (req, res, next) => {
 router.get('/logout', [requireLogin], function (req, res, next) {
    req.logout(function (err) {
        if (err) { return next(err); }
-        var params = {
-            client_id: process.env.AUTH_CLIENT_ID,
-            returnTo: process.env.CLIENT_URL
-        };
-        res.redirect(process.env.AUTH_END_SESSION_URI + '?' + querystring.stringify(params));
+
+        req.session.destroy((err) => {
+            if (err) { return next(err); }
+
+            res.clearCookie('connect.sid', {
+                path: '/',
+                domain: process.env.CLIENT_DOMAIN,
+                httpOnly: true,
+                sameSite: 'lax'
+            });
+
+            var params = {
+                client_id: process.env.AUTH_CLIENT_ID,
+                returnTo: process.env.CLIENT_URL
+            };
+            res.redirect(process.env.AUTH_END_SESSION_URI + '?' + querystring.stringify(params));
+
+        })
    });
 });