passport icon indicating copy to clipboard operation
passport copied to clipboard

Published 20 hours ago verified publisher icon jaredhanson

passport.authenticate loses session on success

Open mapocosm opened this issue 9 years ago • 4 comments

I have passport working very well with facebook and google as providers. I am testing login and logout cycles, and it seems the session is dropped from time to time. I'm using connect-dynamodb for the session store. In the auth callback as follows, the req.user object is always available:

app.get( '/auth/facebook/callback', 
    passport.authenticate( 'facebook', { failureRedirect: '/autherror' }), function(req, res) { 
        console.log( '/auth/facebook/callback, req.user = ' + JSON.stringify( req.user ) );
        res.redirect('/setup'); 
    } );

But then the /setup route, as below, will sometimes show req.user as undefined.

app.get('/setup', function(req, res)
{
    console.log( '/setup, req.user = ' + JSON.stringify( req.user ) );
});

Is this normal? Is the session supposed to drop after a login is successful?

mapocosm avatar Jan 11 '15 20:01 mapocosm

More info ... the express session remains valid after the success redirect; it's the passport session that's empty after the redirect.

mapocosm avatar Jan 11 '15 20:01 mapocosm

More info ... when the passport.session fails to exist after redirect, deserializeUser doesn't get called. In this scenario I can login using facebook and then logout - repeat 3 - 4 times and works great, then it fails.

mapocosm avatar Jan 12 '15 01:01 mapocosm

Is it the same race condition mention in this issue? https://github.com/jaredhanson/passport/issues/306

benheymink avatar Feb 23 '15 10:02 benheymink

I had the same problems! I ended up using https://github.com/expressjs/cookie-session instead of https://github.com/expressjs/session. It worked out of the box. I did not have to change a single line of code except for the config.

matthiasprieth avatar Aug 03 '22 08:08 matthiasprieth