passport-http-bearer

Setting { session: false } doesn't seem to work

Open yizhao opened this issue 10 years ago • 3 comments

I have a node/express webapp with session setup. I use connect-mongo to store the sessions in mongodb, in a collection called 'sessions'. Hitting any rest endpoints on node/express seems to create/update an entry in the sessions collection.

Two questions:

  1. I only enforce the local strategy on the /login endpoint. Why does a session get created every time an endpoint is hit? If the user isn't logged in, why does a session need to be created?
  2. I implemented a new 'bearer' strategy. Configured it so session=false. passport.authenticate('bearer', { session: false }, function(err, user, info)

This still creates a session in the mongodb. Why is that?

yizhao, Jul 07 '14 19:07

I have the same setup and get the exact same thing. Did you manage to find a solution to this, @yizhao?

simonbs, Sep 16 '14 09:09

@simonbs we got around this issue by adding a piece of middleware in Express before the session stuff which checks if the user is logged in or about to log in; if not, it doesn't do all this session business.

yizhao, Oct 23 '14 16:10
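
A sketch of the workaround described in the comment above, as an added example that is not code from this thread or from Passport: the session middleware, not Passport's `session: false` option, is what writes to the store, so it is wrapped and skipped unless the request is a login or already carries the session cookie. The names `sessionUnless` and `needsSession`, the exact `/login` path match, the default `connect.sid` cookie name, and skipping every request that has a Bearer header are assumptions.

```javascript
// Added example (not from the thread). Wraps any (req, res, next) session
// middleware so it only runs for requests that actually need a cookie session.

const SESSION_COOKIE = 'connect.sid'; // assumption: express-session default name
const LOGIN_PATH = '/login';          // from the thread: local strategy endpoint

// True when the Cookie header contains the session cookie.
function hasSessionCookie(req) {
  const header = (req.headers && req.headers.cookie) || '';
  return header
    .split(';')
    .some((part) => part.trim().startsWith(SESSION_COOKIE + '='));
}

// True when the request authenticates with "Authorization: Bearer <token>".
function hasBearerToken(req) {
  const header = (req.headers && req.headers.authorization) || '';
  return /^Bearer\s+\S+/i.test(header);
}

// "Logged in or about to log in" from the comment above, with one added rule:
// token-authenticated API calls never get a session, even if a cookie is sent.
function needsSession(req) {
  if (hasBearerToken(req)) return false;
  const path = (req.path || req.url || '').split('?')[0];
  if (path === LOGIN_PATH) return true; // about to log in
  return hasSessionCookie(req);         // already has a session
}

// Returns middleware that delegates to sessionMiddleware only when needed.
function sessionUnless(sessionMiddleware, predicate = needsSession) {
  return function conditionalSession(req, res, next) {
    if (predicate(req)) return sessionMiddleware(req, res, next);
    return next(); // no req.session is created, nothing is written to the store
  };
}
```

In an Express app this would be mounted as `app.use(sessionUnless(session({ ... })))` in place of `app.use(session({ ... }))`. A request with a stale or unknown cookie still reaches the session middleware, so express-session's `saveUninitialized: false` is what keeps empty sessions from being stored in that case.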

I have the same issue. The documentation specifies that one can set session:false and not establish a session, so is this then a bug?

etcetc, Apr 09 '17 00:04