Schmidt
Schmidt
There is no such thing like a session id which one can invalidate. Just throw away the cookie. The session id is just a hash over username, salt, secret and...
Basically a `DELETE _session` just answers with a header that instructs the client to discard the session cookie. Do you use nano in the browser?
better: check `~/.npmrc` for presence of such token and use it: ``` rc @myscope:registry=https://npme.myregistry.org/ https://npme.myregistry.org/:_authToken=7fd78dea2be7f6dbd127e75fbb5cd49601f87fc9 ```
I received 2FA pin (via SMS) but cli aborts without asking for it.
This is an example of how npm resolves the token per registry: https://github.com/npm/npm/blob/master/lib/whoami.js#L14
For npm Enterprise its recommendet to store the token in `~/.npmrc`: http://blog.npmjs.org/post/106559223730/npm-enterprise-with-github-2fa That way we could just get it from there and would be fine.
I'm not totally sure that > If that returns a registry we know this is npme is true.
No one prevents me from adding such an entry for [npm Private Modules](https://www.npmjs.com/private-modules): ``` rc @jo:registry=https://registry.npmjs.org/ ```
Are you sure that ``` sh npm logout --registry https://npme.myregistry.org ``` invalidates the token? I just tried and got an 500 response: ``` sh Registry returned 500 for DELETE on...
I think thats a different use case now. I assume that the token we're using for the CI setup can be different from the one in our `.npmrc`. So the...