- // TODO: cookie + redirect is enough (https, secure cookie
- // https://www.information-security.fr/securite-sites-web-lutilite-flags-secure-httponly/ )
- UserModel.logout(req.cookies.token, (err,ret) => {
- access.checkRequest(res, err, ret, "Logout failed", () => {
- res.clearCookie("token");
- req.user = null;
- res.redirect('/');
- });
- });