https://kotlinlang.org logo
#ktor
Title
# ktor
c

codec

05/05/2020, 4:42 AM
I also have a question about authentication. When a user logs out, how do we invalidate the UserIdPrincipal and clear out the UserPasswordCredential?
c

crummy

05/05/2020, 4:44 AM
this is what I do:
Copy code
call.sessions.clear<User>()
c

codec

05/05/2020, 4:51 AM
is User your own custom class?
c

crummy

05/05/2020, 4:53 AM
yeah
c

codec

05/05/2020, 4:53 AM
how could that possibly work tho?
if the UserPrincipal object is still in existence?
c

crummy

05/05/2020, 4:59 AM
I don't know the internals. But I believe this code that I'm using sets up an internal storage of Users:
Copy code
cookie<User>(USER_SESSION, SessionStorageMemory()) {
            cookie.path = "/"
        }
I believe calling call.sessions.clear will clear the cookie in the response, and also remove the user from internal storage.
c

codec

05/05/2020, 5:01 AM
ok, i’ll try that.