cookie-session: req.session is null but cookies are not removed from browser
According to cookie-session docs Destroying a session can be done with req.session = null
In my Nestjs application I get the session (using the session decorator) and assign a userId property to it.
@Post('/signin')
@Serialize(UserDto)
async signin(@Body() body: SigninUserDto, @Session() session: any) {
const user = await this.authService.signin(body);
session.userId = user.id;
return user;
}
This creates a session in the browser:
On signout, I set the session to null, as per the documentation, and in the browser, the session cookie is still visible. Why is it not removed; does this present a security concern; and how does one remove the session if it is a security concern?
@Post('/signout')
@UseGuards(AuthGuard)
@Serialize(UserDto)
signout(@Session() session: any) {
session = null;
}
Edit: Some additional info - On the frontend I created a basic login form using NextJS that redirects the user to a home page with a simple logout button. the logout button sends an api call to the signout endpoint in my NestJS application that assigns session=null.
Did you inspect cookie contents? Probably session = null removes some session-data from cookie and leaves just a blank cookie
If not:
You could try to use @Req() req: Request and then call req.session = null
- Is there a recommended way to update NestJS?
- how we implement dto validation in nestjs TCP microservice
- Is it possible to ignore class-validator on the client side?
- NestJS: How to customise log messages to include request id and name of the file the log message occurred
- How to send raw data as payload with MQTT on Nestjs
- How to mock a nest-winston logger dependency in nestjs unit tests
- NestJS: Type 'NestFastifyApplication' does not satisfy the constraint 'INestApplication'
- ValidationPipe complaining about empty fields when using a DTO in body
- How to reuse mutler settings to specify a different folder for a route
- Fix uploading error on @aws-sdk/client-s3 on nestjs
- Getting undefined error for the id of user
- NestJS Using ConfigService with TypeOrmModule
- Typescript Unable to resolve signature of parameter of decorator in vscode
- Nx can't create project graph (projects in the following directories have no name provided)
- How to filter associated models connected using through table and keeping all associated model
- The injected services are undefined using serverless
- How to distinguish payment status in stripe `checkout.session.expired` event
- Validate Enum directly in controller function
- How to use query parameters in Nest.js?
- NestJS HTTP Module needs to be imported in every feature module
- Property 'cookies' does not exist on type 'Request'
- NestJS as BFF for angular 19 using SSR
- Import `path` for Node reacts differently in NestJS
- Module '"rxjs"' has no exported member 'firstValueFrom'
- Nest.js - request entity too large PayloadTooLargeError: request entity too large
- Run NestJS worker in a separate process
- NestJs e2e testing with TypeORM - change column type before tests
- Retrieve full url from shortened url using axios and js
- Parsing error "parserOptions.project" has been set for @typescript-eslint/parser
- Access raw body of Stripe webhook in Nest.js