How to destroy session with SID #80

otobot1 · 2022-04-24T21:07:47Z

otobot1
Apr 24, 2022

I need to use the store.destroy(sid, callback) method described in the express-session implementation to delete a session based on the SID, but I can't figure out which object to call the method on. Any help would be appreciated.

Also, @kleydon I hope the interview went well.

Answered by kleydon

Apr 26, 2022

Hi @otobot1,

Here's the way I'm deleting a user session (as well as all other sessions the user has, i.e. for logging out):

  return new Promise<BooleanPayload>( async (resolve, reject) => {

    ilog('Stored session exists for request session id; destroying it.')
    //Approach: https://stackoverflow.com/a/22519785
    return reqSession.destroy( async (err: Error) => {

      if (err) {
        return reject(Error('Logout failed: ' + err.message))
      }

      // If user has OTHER sessions with the same userId, destroy these as well
      const { count } = await prisma.session.deleteMany({
        // If prisma-session-store changes the format for data (unlikely)
        // the 'contain…

View full answer

kleydon · 2022-04-26T01:36:48Z

kleydon
Apr 26, 2022
Maintainer

Hi @otobot1,

Here's the way I'm deleting a user session (as well as all other sessions the user has, i.e. for logging out):

  return new Promise<BooleanPayload>( async (resolve, reject) => {

    ilog('Stored session exists for request session id; destroying it.')
    //Approach: https://stackoverflow.com/a/22519785
    return reqSession.destroy( async (err: Error) => {

      if (err) {
        return reject(Error('Logout failed: ' + err.message))
      }

      // If user has OTHER sessions with the same userId, destroy these as well
      const { count } = await prisma.session.deleteMany({
        // If prisma-session-store changes the format for data (unlikely)
        // the 'contains' string below may need to be revisited.
        where: { data: { contains: `"userId":"${reqSession.userId}"`} }  // Because express session stores keep data as a string
      })
      if (count === 0) {
        ilog(`No other stored sessions existed for this user.`)
      }
      else if (count === 1) {
        ilog(`One other stored session existed for the session's user; deleted this stored session too.`)
      }
      else {
        ilog(`${count} other stored sessions existed for session's user; deleted these stored sessions too.`)
      }

      return resolve({ value : true }); 
    })
  })
}

I suppose the unintuitive part is that in the express session store documentation / spec, the session id is passed as a parameter, whereas when you actually use a session store implementation (or maybe just this one?), destroy() is a member function of the request session, so the session id doesn't need to be passed as a parameter.

Does this get past the puzzlement?

Also, @kleydon I hope the interview went well.

Thanks! Fingers crossed...

1 reply

otobot1 Apr 26, 2022
Author

Ah ok. Yeah it was the documentation that confused me. But accessing the database directly through Prisma will work too! Thanks.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to destroy session with SID #80

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

How to destroy session with SID #80

otobot1 Apr 24, 2022

Replies: 1 comment · 1 reply

kleydon Apr 26, 2022 Maintainer

otobot1 Apr 26, 2022 Author

otobot1
Apr 24, 2022

Replies: 1 comment 1 reply

kleydon
Apr 26, 2022
Maintainer

otobot1 Apr 26, 2022
Author