What my code should do: On the login page, after logging in I get access to the protected page, but after closing the current tab, opening a new tab and hitting the endpoint of the protected page, I shouldn't get access to that protected page.
Problem or issue: After logging in I get access to the protected page, but when I close the tab, open a new tab and hit the endpoint of the protected page, I still get access to the protected page even though the JWT is not stored in the cookie, and I am getting the JWT of the last logged-in user in the console.
Code for validating credentials and generating the JWT when logging in:
app.post('/login/recorded', async (req, res) => {
    // const loginUser= new RegistrationModel();
    try {
        // Look up the account by the submitted e-mail address
        const findData = await RegisterationModel.findOne({ email: req.body.email });
        console.log(findData);
        // findOne() resolves to null when no document matches
        if (!findData) {
            return res.send("not found");
        }
        if (findData.email === req.body.email && findData.password === req.body.password) {
            const token = await findData.generateAuthToken();
            res.cookie('jwt', token, {
                httpOnly: true // you can't delete manually
            });
            // console.log(`cookie : ${req.cookies.jwt}`);
            res.redirect('/index');
            console.log(token);
            // res.send("you are logged in");
        }
        else {
            res.send("invalid");
        }
    }
    catch (error) {
        console.log(error);
    }
})
Code for authenticating the JWT that is generated during login and stored in the cookie:
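const jwt = require('jsonwebtoken');

const auth = async (req, res, next) => {
    try {
        console.log("auth");
        // console.log(token);
        // Read the token from the cookie set at login
        const token = req.cookies.jwt;
        // Throws if the token is missing, malformed or not signed with this secret
        const verifyUser = jwt.verify(token, 'helloworld');
        const user = await RegisterationModel.findOne({ _id: verifyUser._id });
        // console.log(user);
        console.log(verifyUser);
        // Overwrite the cookie with a blank value that expires after 1 ms
        res.cookie('jwt', ' ', { maxAge: 1 });
        next();
    }
    catch (error) {
        res.status(401).send(error);
        console.log(error);
    }
}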
Code for the secret page route:
app.get('/secretpage', auth, (req, res) => {
    res.render('secret');
})
Code for index.hbs:
<html>
    <head>
        <title>Index Filee</title>
    </head>
    <body>
        <ul>
            <li><a href="/secretpage">Secret Page</a></li>
            <li><a href="/login">Login</a></li>
            <li><a href="/register">Register</a></li>
        </ul>
    </body>
</html>
After hitting the protected endpoint in a new tab, the JWT token is not stored in the cookie, and I am getting the token of the last logged-in user in the console.
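
Added example, not part of the original post or the poster's code: a dependency-free HS256 sign/verify pair in which the server itself rejects a missing, blank, tampered or expired `jwt` cookie value, so access does not depend on what the browser still holds. The secret `helloworld` and the `_id` claim come from the post; `signToken`, `verifyToken`, the `exp` claim and the 300-second lifetime are assumptions.

```javascript
const crypto = require('node:crypto');

const SECRET = 'helloworld'; // secret shown in the post
const TTL_SECONDS = 300;     // assumed lifetime, not from the post

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data) =>
  crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Issue a token carrying the user's _id and an expiry time (seconds).
function signToken(userId, nowSec) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ _id: userId, exp: nowSec + TTL_SECONDS }));
  const body = `${header}.${payload}`;
  return `${body}.${hmac(body)}`;
}

// Check a cookie value; returns { ok: true, claims } or { ok: false, reason }.
function verifyToken(cookieValue, nowSec) {
  if (typeof cookieValue !== 'string' || cookieValue.trim() === '') {
    return { ok: false, reason: 'missing' }; // absent or blanked cookie
  }
  const parts = cookieValue.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, sig] = parts;
  // Always recompute with HMAC-SHA256; the header's alg is never trusted.
  const expected = Buffer.from(hmac(`${header}.${payload}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch (err) {
    return { ok: false, reason: 'malformed' };
  }
  // Expiry is enforced on the server, whatever the browser still stores.
  if (!claims || typeof claims.exp !== 'number' || nowSec >= claims.exp) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}

// Constructed demo values: a token issued at t=1000 s, checked at 1100 s and 1300 s.
const demo = signToken('constructed-user-id', 1000);
console.log(verifyToken(demo, 1100).ok, verifyToken(demo, 1300).reason);
```

In an Express middleware like the `auth` function above, `verifyToken(req.cookies.jwt, Math.floor(Date.now() / 1000))` would gate the call to `next()`.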