Problem

Simply returning { anonymous: true } in authenticate() breaks the logout function when using a socket connection. params.user is never changed, even after logging out from an external socket-io connection.

I ran into this issue when using a hook to populate information about whether the logged in user has liked a post, and of course I want this feature to be conditional on whether there is a logged in user. I thought this anonymous authentication example would be perfect.

Much to my dismay, even after logging out (which I'm certain occurred, because other features that require authentication returned errors from the server), the server continued to return information about the previously logged in user.

This is because my hook was testing against the truthiness of params.user rather than params.anonymous, and my problem could've been solved this way as well. However, I find it to be an issue on its own that params.user remains untouched even after using a different authentication strategy.

I returned { anonymous: true, user: null } in authenticate() and this fixed the issue for me. I believe this might be a good addition to the guide to clarify exactly how fluid the params modification is and why it's good to explicitly set user to null.

Can you confirm this is happening in the latest version (v4.5.4) as well? There was an issue around this that was fixed in v4.5.3.

Oops. That's probably the fix. I'll update and try again. Sorry about that 😆

Closing since it should be fixed. Let me know if this is still a problem in the latest version.