cookie-session: req.session is null but cookies are not removed from browser
According to cookie-session docs Destroying a session can be done with req.session = null
In my Nestjs application I get the session (using the session decorator) and assign a userId property to it.
@Post('/signin')
@Serialize(UserDto)
async signin(@Body() body: SigninUserDto, @Session() session: any) {
const user = await this.authService.signin(body);
session.userId = user.id;
return user;
}
This creates a session in the browser:
On signout, I set the session to null, as per the documentation, and in the browser, the session cookie is still visible. Why is it not removed; does this present a security concern; and how does one remove the session if it is a security concern?
@Post('/signout')
@UseGuards(AuthGuard)
@Serialize(UserDto)
signout(@Session() session: any) {
session = null;
}
Edit: Some additional info - On the frontend I created a basic login form using NextJS that redirects the user to a home page with a simple logout button. the logout button sends an api call to the signout endpoint in my NestJS application that assigns session=null.
Did you inspect cookie contents? Probably session = null removes some session-data from cookie and leaves just a blank cookie
If not:
You could try to use @Req() req: Request and then call req.session = null
- class-validator doesn't appear to do anything in NestJS application
- Code formatting with prettier is not working in nest js
- Jest error: Your test suite must contain at least one test
- Processing an exception through Apollo Server (NestJS)
- Unable to import ESM module in Nestjs
- How to avoid multiple refresh token call, if there are multiple API calls get unauthorized because access token expired
- CRON job executing twice at scheduled time (NestJS)
- Mongoose RefPath, running populate() with NestJS
- TS2305: Module '"@prisma/client"' has no exported member 'User'
- NestJs mongoose nested populate not working as expected
- How can I test a NestJS WebSocket Server with Insomnia? Error: "socket hang up"
- How to expose prisma schema to swagger UI in NestJS?
- Nestjs + Jest: expect().toHaveReturnedWith() returning empty object
- How do I get the domain originating the request (of the front-end) in NestJS
- Object literal may only specify known properties, and 'id' does not exist in type 'FindOptionsWhere<Teacher>
- Type 'number' has no properties in common with type 'FindOneOptions<Teacher>'
- How to properly type an Http request in a NestJS controller?
- NestJS - How to use .env variables in main app module file for database connection
- problem with nestjs/typeorm database selection
- Getting 'secretOrPrivateKey must have a value' error in NestJS JWT authentication
- Dynamic kafka topic name in nestjs microservice
- TypeError: Repository method is not a function (NestJS / TypeORM)
- AWS ECS Service Envs are undefined
- How to convert boolean to string - NestJS / JS / Node
- How to import "crypto" system library in NodeJS because it is suddenly undefined?
- NestJS hot reload broken when calling configureGenkit
- Upload dynamic multiple files in Nest JS
- Why save is not called inside jest test
- Where is the NestJS API documentation?
- No metadata for "User" was found