signOut
- User Logout
- Type: () => void
- Description: Signs out the current user by clearing their authentication cookie. After calling this function, request.auth will be undefined on subsequent requests.
Basic Usage
<%
  signOut()
  redirect('/login')
%>
Common Use Cases
Logout Button/Form
<%
  if (request.method === 'POST' && formData.action === 'logout') {
    signOut()
    redirect('/login')
  }
%>
<form method="POST">
  <input type="hidden" name="action" value="logout">
  <button type="submit">Sign Out</button>
</form>
Session Expiry Handler
<%
  if (request.auth) {
    const lastActivity = new Date(request.auth.get('lastActivity'))
    const now = new Date()
    const inactiveTime = now - lastActivity
    if (inactiveTime > 30 * 60 * 1000) { // 30 minutes
      signOut()
      redirect('/login?reason=session_expired')
      return
    }
  }
%>
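Added example (not part of the PocketPages documentation): in the handler above, a missing or unparseable lastActivity makes the subtraction yield NaN, the comparison is false, and the session never expires. The helper below makes the same 30-minute check fail closed; isSessionExpired, MAX_IDLE_MS, MAX_SKEW_MS and the sample timestamps are assumptions introduced for illustration.

```javascript
// Added example: fail-closed idle check. isSessionExpired, MAX_IDLE_MS and
// MAX_SKEW_MS are illustrative names, not PocketPages APIs.
const MAX_IDLE_MS = 30 * 60 * 1000 // 30 minutes, as in the handler above
const MAX_SKEW_MS = 60 * 1000 // assumed tolerance for clock skew

// Returns true when the session must be ended.
function isSessionExpired(lastActivityRaw, nowMs, maxIdleMs = MAX_IDLE_MS) {
  // No recorded activity means no proof the session is fresh: expire it.
  if (lastActivityRaw === undefined || lastActivityRaw === null || lastActivityRaw === '') {
    return true
  }
  const lastMs = new Date(lastActivityRaw).getTime()
  // An unparseable value gives NaN; NaN > limit is false, so without this
  // check the session would never time out.
  if (Number.isNaN(lastMs)) return true
  const idleMs = nowMs - lastMs
  // A timestamp further in the future than clock skew allows is corrupt or
  // tampered with; do not let it extend the session.
  if (idleMs < -MAX_SKEW_MS) return true
  return idleMs > maxIdleMs
}

// Constructed sample values, evaluated against a fixed "now".
const NOW = Date.parse('2024-01-01T12:00:00Z')
const SAMPLES = [
  '2024-01-01T11:45:00Z', // 15 minutes idle
  '2024-01-01T11:29:59Z', // just over 30 minutes idle
  undefined,              // field never set
  'not-a-date',           // malformed value
  '2024-01-01T13:00:00Z', // one hour in the future
]

function checkSamples() {
  return SAMPLES.map((raw) => isSessionExpired(raw, NOW))
}

console.log(checkSamples()) // one boolean per sample
```

In the template, the condition would become isSessionExpired(request.auth.get('lastActivity'), Date.now()), followed by the same signOut() and redirect() calls.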
Important Notes
Cookie Management: This function:
- Clears the authentication cookie
- Takes effect immediately
- Does not require a server response
Security Considerations:
- Always redirect after logout
- Clear any client-side state
- Consider implementing CSRF protection
- Use POST requests for logout actions
Best Practices:
- Redirect to login page after logout
- Show confirmation messages
- Handle errors gracefully
- Consider cleanup of user-specific data
Client-Side Integration:
- This function only clears the authentication cookie that the server reads
- If using the PocketBase JS SDK on the frontend, you'll need to handle its authentication state separately
- The SDK uses localStorage for JWT storage, which isn't affected by cookie changes
- Consider implementing a complete logout that handles both:
<!-- Complete logout handling -->
<script>
  // Assuming you have the PocketBase SDK initialized as 'pb'
  async function handleLogout() {
    // Clear SDK state
    pb.authStore.clear()
    // Call server-side logout
    await fetch('/logout', { method: 'POST' })
    // Redirect to login
    window.location.href = '/login'
  }
</script>
<button onclick="handleLogout()">Sign Out</button>