Auth-module: Client side logout does not clear auth details in store

Created on 15 Mar 2018  路  8Comments  路  Source: nuxt-community/auth-module

We are seeing this behaviour:

  1. Login using jwt token and cookie
  2. Navigate to page that has auth middleware enabled.
  3. Logout (checking dev tools and vuex store auth is cleared).
  4. Refresh the browser.
  5. User details are reinstated in vuex store auth.

This doesn't have to be on the same machine, somebody coming to the secured page on another machine sees the auth details of the original user.

I don't know if this is a bug as it seems quite critical so I'm guessing I may be doing something wrong. My current workaround is to add this code to my store actions:

async nuxtServerInit ({ state, dispatch }, { req }) {
    if (req.headers.cookie) {
      const cookies = cookieparser.parse(req.headers.cookie)
      if (!cookies.auth) {
        await dispatch('logout')
      }
    }
  }

This question is available on Nuxt.js community (#c72)
picture dfcook

Most helpful comment

@dfcook check your store, this kinds of things happens when state is an object and always is passed by reference, because of this your state is the same instance for all users.

Bad example:
store/index.js

const state = {
  isMenuOpen: false
}

const createStore = () => {
  return new Vuex.Store({
    state
  })
}

Good example:
store/index.js

const createStore = () => {
  return new Vuex.Store({
    state: {
      isMenuOpen: false
    }
  })
}

I hope this will help.

picture javialon26 on 3 Apr 2018
👍3 😄2

All 8 comments

@dfcook Which version are you using ?

syffs picture syffs on 15 Mar 2018

@Syffs 4.0.0-rc.3

dfcook picture dfcook on 15 Mar 2018

@dfcook Do you have the same problem using the dev branch ?

breakingrobot picture breakingrobot on 29 Mar 2018

@dfcook check your store, this kinds of things happens when state is an object and always is passed by reference, because of this your state is the same instance for all users.

Bad example:
store/index.js

const state = {
  isMenuOpen: false
}

const createStore = () => {
  return new Vuex.Store({
    state
  })
}

Good example:
store/index.js

const createStore = () => {
  return new Vuex.Store({
    state: {
      isMenuOpen: false
    }
  })
}

I hope this will help.

javialon26 picture javialon26 on 3 Apr 2018
👍3 😄2

There shouldn't be any general issue with 4.0.1. Please reopen if you are sure this problem still exists.

image

pi0 picture pi0 on 3 Apr 2018

The state object was the issue, thanks it is now resolved.

dfcook picture dfcook on 3 Apr 2018
👍1

@dfcook check your store, this kinds of things happens when state is an object and always is passed by reference, because of this your state is the same instance for all users.

Bad example:
store/index.js

const state = {
  isMenuOpen: false
}

const createStore = () => {
  return new Vuex.Store({
    state
  })
}

Good example:
store/index.js

const createStore = () => {
  return new Vuex.Store({
    state: {
      isMenuOpen: false
    }
  })
}

I hope this will help.

thank you so mouch . this problem has bothered me whole day.

rason560 picture rason560 on 12 Oct 2018
👍1

if u are using nuxt auth u can try

this.$auth.strategy.token.reset();

Benyaminrmb picture Benyaminrmb on 28 Apr 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

javialon26 picture javialon26  路  3Comments
manniL picture manniL  路  4Comments
Amoki picture Amoki  路  3Comments
DougHayward picture DougHayward  路  4Comments
varna picture varna  路  4Comments