I am trying to logout an user (with all it current sessions) by another user, so for example an admin can force the logout of an user by a API call. Here's my current code:
function logoutUserGlobal(req,res) {
var user = req.user,
userid = req.params.id;
if(user.role == "admin"){
connection.query("DELETE FROM `sessions` WHERE `sessions`.`session` LIKE '%\"user\":" + userid + "%'", function (error, results, fields) {
if (error) throw error;
console.log(results);
var response = {success: "test"}
res.send(response).status(200).end();
});
}else{
var response = {error: "not permitted"}
res.send(response).status(200).end();
}
}
The sessions stored in the database are getting deleted but the user is somehow still logged in and if the user navigates on the page the session is being stored at the database again.
Thanks in advance and have a nice weekend!
via svennie
No comments:
Post a Comment