We would expect the session to get updated after Passport does its thing. I've tried a few different configurations based on existing projects. I also was facing the same problem, but @PVThomas gives me a solution, as in here in Answers. deserializeUser function. My problem was with the findById() method in deserialize(). Note, the email and password field passed into the function inside new LocalStrategy() are the email and password that we send to the server with our POST request. When the user signs in with Google, they are sent back to my application. The default value is undefined. Thanks Alex! I know it's late, but I face this issue with FB login strategy. array. credential. The req.session._passport set by #login does not equal the one accessed by initialize, which is an empty obj; in this case, logging in does not work until I load another route. a session ID (sid). express-sessions A session store supporting both MongoDB and Redis. if the secret is not the same between this module and cookie-parser. This is why you can create an account or sign in and it authenticates fine at first but later on you find out req.user is undefined or req.isAuthenticated() is false throughout the app. So I am sure this is the fetch compatibility issue! If you remember, the pre-saved data didn't have a user (because Passport never logged them in), so the user ends up being considered logged off. In contrast to the above example, the Some web browsers or other clients may be adopting this specification. which will authenticate the request. Note if you have multiple apps running on the same hostname (this is just First, let's install bcrypt on our server. express-session-cache-manager Now, if we call our curl request with the -b flag again. However, in situations where the logging in does not work, then initialize does not find the user. It looks like the req.body is undefined. 
This can be either a string it to be saved. Fear not! Installation is done using the Also, are you using AJAX to retrieve the protected route?