ExpressJs , Node Js , Passport - logout back button - node.js

I have a query regarding back button. As we know that after pressing logout button, if user presses back button than it must be redirect to the login page not to the authenticated page.
I tried to find the solution but can't fix it out in my case.
Thanks in Advance
Here is my routes.js screenshot:

When the user navigates back in the browser, the data is shown from the local browser cache, and not requested from your server. 
Using the following setup when the browser back button, the page is reloaded and not cached.
// caching disabled for every route
server.use(function(req, res, next) {
res.set('Cache-Control', 'no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0');
next();
});
// otherwise put the res.set() call into the route-handler you want

You can use ensureLoggedIn
First install ensureLoggedIn by npm install
var ensureLoggedIn=require("connect-ensure-login").ensureLoggedIn
app.get('/profile', ensureLoggedIn('/login'),function(req,res){
res.sendFile(__dirname +'/public/selflocates.html');
})

Related

SailsJs: getting "304 not modified" page after deploy

I'm trying to update my SailsJs application to fix the blank page wich I'm geting on Heroku, but I'm getting the status 304 not modified from browser.
I think I did everything I need to fix the blank page on my app, but I dont know why the page is not updating on Heroku
My Procfile:
web: node app.js
I appreciate if anyone can help.
Thanks!
I don't think that you need to fix anything. If you try to call the same url using POSTMAN or different browser you should get status 200.
You can add this to a policy instead and then just apply it to the specific pages/requests you want - if you do not want to set this for the entire application.
/api/policies/nocache.js:
/**
* Sets no-cache header in response.
*/
module.exports = function (req, res, next) {
sails.log.info("Applying disable cache policy");
res.header('Cache-Control', 'private, no-cache, no-store, must-revalidate');
res.header('Expires', '-1');
res.header('Pragma', 'no-cache');
next();
};
Don't forget to include nocatche into config/policy.js
'*': 'nocatche'

too many redirects in express

I want to handle all my cookies and session stuff in a function then redirect to the destination path. I use this function in Express:
app.all('*', function(req, res, next){
if('_id' in req.session)
next()
else if('userInfo' in req.cookies){
req.session._id = req.cookies.userInfo._id
next()
} else {
res.redirect('../login')
}
res.end()
})
but browser print this error:
net::ERR_TOO_MANY_REDIRECTS
what's the problem?
This error occurs when a web browser is redirecting you to another web page which then that web page redirects you back to the same browser again. Your configurations are wrong. app.all('*', ..) runs again and again whenever a request is made, which causing repetition.
You need to have better configurations than app.all(*..) //all. You need to specify it more so that it doesn't repeat itself.
I would say limit it down to some urls and not all of them. You could do
app.get('/cookieCheckerPage', function(req, res){
//code here
});
Also please see Error 310 (net::ERR_TOO_MANY_REDIRECTS):

node sessions not clearing in production

I am using client-sessions with node and express, and I am having trouble logging out users.
my logout function does a
req.session.user=null
that is:
userRouter.get('/logout', function(req, res, next) {
req.session.user = null
res.sendStatus(200)
});
(I also tried delete req.user, req.user.destroy(), and other variants).
in dev env, on localhost, it works great.
in production environment, logout is called, but the next time the user refreshes the page on the browser, the user is still logged in.
same code in dev and production.
Anybody has any idea?
thanks....
According to this blog post on client-sessions, you can use this:
userRouter.get('/logout', function(req, res, next) {
req.session.reset();
res.sendStatus(200);
});
so it the end the issue was that I did not have
headers: {
'Accept': 'application/json',
},
in the call from the client. I a bit puzzled by this, it seems as the server would set the session (through nginx) only if the client had this header, while in localhost it sets sessions correctly without this.

Node Express - res.redirect() not behaving as expected

I am trying to redirect to a login page after successfully logging a user out, but am having an issue when calling res.redirect() from my logout route handler in express.
I have the following middleware to redirect a user to a login page (note I am using express-session too)
//A request to '/login' will serve the login page
app.use('/login', function(req, res){
res.sendFile(path.join(__dirname+'/public/login.html'))
});
//This will listen for all requests
app.use(function(req, res, next) {
//Here we only want to redirect to the logic route (above) if the request is not
//a login action and there is no access token present on the session object
if (req.url!== '/auth/login' && !req.session.accessToken) {
res.redirect('/login');
} else {
next();
}
});
This redirect above works as expected.
When a user performs a logout, I handle like so:
app.post('/auth/logout', function(req, res){
req.session.destroy();
res.redirect('/login');
});
I can see in Chrome debugger, the network tab shows my login view is being served back to the browser, but the browser window does not change. I notice the login.html is being returned with a 304 code too if that has any relevance. I'm feeling a bit dumb but am failing to see what's different here, can someone shed some light please?
Thanks

change url on res.redirect in expressjs

app.get('/logout', function (req, res){
req.url='/';
console.log('req.url is ' + req.url);
req.session.state = null;
res.redirect('/login');
});
upon redirect, the 'url' remains the same. I want it to change it too. Which i tried to do using req.url. But it does not reflect on the url-bar. How do you change that?
Note:- I'm using Angularjs Routing so the res.redirect is not automatically updating the url.
Edit:-
Angular Code:-
$http({method: 'GET', url: '/logout'}).
success(function(data, status, headers, config) {
console.log('happened');
}).
error(function(data, status, headers, config) {
// called asynchronously if an error occurs
// or server returns response with an error status.
});
By default res.redirect will send a response with a 302 status code and a Location header with the URL you call the function with. So in your case something like:
HTTP/1.1 302
Location: http://example.com/login/
You will need to handle this on the AngularJS side to change the URL.
I tried the solution above but no luck. I was getting the error: header ‘authorization’ is not allowed according to header
I searched a day and tried all solutions provided in the web for this problem, I set res.header( "Access-Control-Allow-Headers", "Origin, Authorization, Accept, Content-Type") in several ways, studied many articles and performed many changes in my backend but seemed that firefox couldn't find Authorization that it was looking for.
but above answer gave me an idea to do redirect in a much easier way! I just send my url to front-end in the request response like below:
res.status(201).json({
message: "Order registered",
redirectUrl: "http://localhost:3000/payment-check?query"
})
Then in the front-end (reactJS), I do replace window location:
window.location = res.data.redirectUrl
and it redirects with no problem and in the best way.

Resources