I am not able to get this working for me, do you have a working example for same

[idmanish]

[aembke]

Can you describe what you tried and what error message you saw?

[idmanish]

To add my token with session in redis , I wrore below code.
req.jwtSession.user = user.toJSON();

  // Manish-this will be attached to the JWT Redis
  var claims = {
      iss: "test",
      aud: "http://localhost:9000"
  };
  req.jwtSession.create(claims, function(error, token){
      res.json({ token: token });
  });

---

It able to add just user in redis with a session UUID , which I passed in redis ( req.jwtSession.user = user.toJSON();)

Later at the time of logout I tried this
req.jwtSession.destroy(function(error){
console.log("Session removed from redis", error);
});

then I am getting error:- "Error: Invalid session id"

I am not sure how to pass session id to this.

[aembke]

That error means that the request did not contain a valid JWT, or that the session had already expired or been removed from redis. If you console.log(req.jwtSession) what values do you see?

[idmanish]

In can see in "Redis Desktop manager" that session is available,
I am just doing login and immediately logout.
console.log-- after login
Request JWT session data: { create: [Function],
touch: [Function],
update: [Function],
reload: [Function],
destroy: [Function],
toJSON: [Function],
user:
{ _id: 5670cf84ace2e45042927e7b,
provider: 'local',
name: 'manish',
email: 'manish@abc.com',
userid: 4567890,
} }

console.log-- Just before logout
req.jwtSession------------------------- { create: [Function],
touch: [Function],
update: [Function],
reload: [Function],
destroy: [Function],
toJSON: [Function] }

One more things...I want to handle scenario like force browser close, how can I destroy my session in this case of browser close

[aembke]

Can you also verify that you're passing the JWT on the logout request? That console.log info seems to show that the module did not find the JWT in the logout request. I would also log the data from the express request object to verify that you're passing the JWT in the query, body, or headers.

[idmanish]

yes, I am passing jwt token with each request using interceptor at client side
I am also verifying all client request using server side with a additional middleware
app.all('/api/v1/auth/*', auth.isAuthenticated());

auth.isAuthenticated() actually doing this validateJwt(req, res, next);

Its validating JWT token
so JWT is available but not sure why "req.jwtSession-" is not having user info which is there in redis

Since I am not able to delete Redis session there are multiple entries in redis for same user.