I use basic auth on my sample app
passport.use(new BasicStrategy(
function (userid, password, done) {
if (userid !== "foo" && passport !== "bar") {
return done(null, false);
} else {
return done(null, {
userId: "foo"
});
}
})
);
And have authentication on one route only
app.use(
"/admin",
passport.authenticate('basic', { session: false }),
require("./admin"));
Inside admin.js, I have a logout route
router.get("/logout", (req, res) => {
req.logOut();
res.send("Goodbye!");
});
was expecting when i call http://localhost:3000/admin/logout, auth session will be terminated. however, even after logout, i can still browse route "/admin"
Any idea what did i miss?
via jojo
No comments:
Post a Comment