CSRF-X Auth Library - v1.0.3

    Class LogoutClient

    Client for logging out of a CSRF‑protected web application.

    The client loads a previously cached session (from AuthClient), extracts
    the cookies and CSRF token, and sends a POST request to the logout endpoint.
    If the logout request succeeds (HTTP 2xx or 3xx), the local session cache is
    deleted. Any server error or invalid response throws an appropriate AuthError.

    The client is configurable via environment variables (.env file) or constructor
    options. It supports retries with exponential backoff and optional
    Referer/Origin headers.

    Important: A valid session must have been created by AuthClient
    and cached to disk before using LogoutClient. Use hasValidSession
    from AuthClient to verify.

    // Basic usage
    const logout = new LogoutClient();
    await logout.logout(); // uses cached session

    // Override base URL and disable Referer header
    const customLogout = new LogoutClient({
      baseUrl: 'https://example.com',
      sendReferer: false
    });
    await customLogout.logout();

    // Explicit CSRF token (if needed)
    await logout.logoutWithToken('custom_csrf_token');

    @public

    0.1.1

    Accessors

    • get configRef(): EnvConfig

      Returns the internal EnvConfig instance for advanced inspection.

      Returns EnvConfig

      Provides access to the normalized configuration, including base URL
      and logout path.

    Constructors

    • Creates a new LogoutClient instance.

      Parameters

      • options: LogoutOptions = {}

        Optional overrides for environment‑based configuration.

      Returns LogoutClient

      Configuration is resolved from constructor options first, then from environment
      variables (.env file or Bun.env). The client expects a valid session
      to have been previously saved by AuthClient.

      // Using environment variables only
      const logout = new LogoutClient();

      // Custom cache directory and timeout
      const customLogout = new LogoutClient({
        cacheDir: './my-cache',
        timeoutMs: 30000
      });

    Methods

    • Performs the logout using the CSRF token stored in the cached session.

      Returns Promise<void>

      Throws AuthError:

      • With code NOT_AUTHENTICATED if no valid session exists in cache.
      • With code CSRF_EXPIRED on HTTP 419.
      • With code VALIDATION_ERROR on HTTP 422.
      • With code TOO_MANY_REQUESTS on HTTP 429.
      • With code SERVER_ERROR on HTTP 5xx.
      • With code LOGOUT_FAILED for other non‑2xx responses.

      Steps:

      • Loads the session from disk cache (throws NOT_AUTHENTICATED if missing/invalid).
      • Sends a POST request to the logout endpoint with _token and cookies.
      • On success (HTTP 2xx/3xx), deletes the local session cache.
      • On failure, throws an appropriate AuthError.

      The request uses retries with exponential backoff for transient failures
      (HTTP 5xx and network errors).

      await logout.logout();
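
      The flow in the steps above, as an added sketch that is not the library's own source. The names classifyLogoutStatus, backoffDelayMs, authError and logoutFlow are hypothetical, the backoff values are assumed, and send, clearCache and sleep are injected so the block runs offline.

```javascript
// Added illustration; not CSRF-X source. All function names are hypothetical.

// Map an HTTP status to the documented AuthError code; null means success.
function classifyLogoutStatus(status) {
  if (status >= 200 && status < 400) return null; // 2xx/3xx: server accepted logout
  if (status === 419) return 'CSRF_EXPIRED';
  if (status === 422) return 'VALIDATION_ERROR';
  if (status === 429) return 'TOO_MANY_REQUESTS';
  if (status >= 500 && status <= 599) return 'SERVER_ERROR';
  return 'LOGOUT_FAILED';
}

// Exponential backoff: base, 2x, 4x ... up to a cap (values are assumptions).
function backoffDelayMs(attempt, baseMs = 250, capMs = 4000) {
  return Math.min(capMs, baseMs * 2 ** attempt);
}

function authError(code) {
  return Object.assign(new Error(`logout failed: ${code}`), { code });
}

// session: cached { csrfToken, cookies } or null.
// send(body): resolves to { status }, rejects on network error.
async function logoutFlow({ session, send, clearCache, sleep, maxRetries = 3 }) {
  if (!session) throw authError('NOT_AUTHENTICATED');
  let code = 'LOGOUT_FAILED';
  for (let attempt = 0; attempt <= maxRetries; attempt++) {
    if (attempt > 0) await sleep(backoffDelayMs(attempt - 1));
    try {
      const { status } = await send({ _token: session.csrfToken, cookies: session.cookies });
      code = classifyLogoutStatus(status);
      if (code === null) {
        await clearCache(); // delete local session only after the server accepted
        return;
      }
      if (code !== 'SERVER_ERROR') break; // page retries only 5xx and network errors
    } catch {
      code = 'LOGOUT_FAILED'; // assumption: the page names no code for network errors
    }
  }
  throw authError(code); // cache is left in place so the caller can retry
}
```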
      
    • Performs the logout using an explicitly provided CSRF token.

      Parameters

      • csrfToken: string

        The CSRF token to send in the logout request.

      Returns Promise<void>

      Throws AuthError with the same codes as logout.

      This method is useful when the cached token may be outdated or when the
      caller has a more recent token (e.g., after refreshing the CSRF token).
      The session cookies are still loaded from the cache; only the token is overridden.

      const freshToken = await someMethodToRefreshToken();
      await logout.logoutWithToken(freshToken);

    • Clears the local session cache without sending a logout request.

      Returns Promise<void>

      Use this method if you want to discard the cached session without
      notifying the server (e.g., for testing or manual cleanup).
      This does not invalidate the session on the server side.

      await logout.clearCache();
      
    • Loads the cached session from disk without validation.

      Returns Promise<SessionData | null>

      The stored session, or null if none exists.

      This method does not check the loggedIn flag or session freshness.
      Use AuthClient.hasValidSession for validity checks.

      const session = await logout.loadCache();
      if (session) console.log('Session exists, token:', session.csrfToken);

    Properties

    config: EnvConfig

    Validated configuration object (base URL, paths).

    Contains normalized and validated values from environment variables
    and constructor overrides. Read‑only after construction.

    cacheManager: CacheManager

    Disk cache manager for reading the session.

    Handles loading session data from the file system. The cache file path
    can be obtained via CacheManager.cacheFilePath.