passport icon indicating copy to clipboard operation
passport copied to clipboard

Published 20 hours ago verified publisher icon jaredhanson

passport.authenticate loses session on success

Open mapocosm opened this issue 10 years ago • 4 comments

I have passport working very well with facebook and google as providers. I am testing login and logout cycles, and it seems the session is dropped from time to time. I'm using connect-dynamodb for the session store. In the auth callback as follows, the req.user object is always available:

app.get( '/auth/facebook/callback', 
    passport.authenticate( 'facebook', { failureRedirect: '/autherror' }), function(req, res) { 
        console.log( '/auth/facebook/callback, req.user = ' + JSON.stringify( req.user ) );
        res.redirect('/setup'); 
    } );

But then the /setup route, as below, will sometimes show req.user as undefined.

app.get('/setup', function(req, res)
{
    console.log( '/setup, req.user = ' + JSON.stringify( req.user ) );
});

Is this normal? Is the session supposed to drop after a login is successful?

mapocosm avatar Jan 11 '15 20:01 mapocosm

More info ... the express session remains valid after the success redirect; it's the passport session that's empty after the redirect.

mapocosm avatar Jan 11 '15 20:01 mapocosm

More info ... when the passport.session fails to exist after redirect, deserializeUser doesn't get called. In this scenario I can login using facebook and then logout - repeat 3 - 4 times and works great, then it fails.

mapocosm avatar Jan 12 '15 01:01 mapocosm

Is it the same race condition mention in this issue? https://github.com/jaredhanson/passport/issues/306

benheymink avatar Feb 23 '15 10:02 benheymink

I had the same problems! I ended up using https://github.com/expressjs/cookie-session instead of https://github.com/expressjs/session. It worked out of the box. I did not have to change a single line of code except for the config.

matthiasprieth avatar Aug 03 '22 08:08 matthiasprieth