# ktor
c
I also have a question about authentication. When a user logs out, how do we invalidate the UserIdPrincipal and clear out the UserPasswordCredential?
c
this is what I do:
```kotlin
call.sessions.clear<User>()
```
c
is User your own custom class?
c
yeah
c
how could that possibly work tho?
if the UserPrincipal object is still in existence?
c
I don't know the internals. But I believe this code that I'm using sets up an internal storage of Users:
```kotlin
cookie<User>(USER_SESSION, SessionStorageMemory()) {
    cookie.path = "/"
}
```
I believe calling call.sessions.clear will clear the cookie in the response, and also remove the user from internal storage.
c
ok, i’ll try that.