Node Passport session lost on subsequent calls

Question

I believe I have configured everything correctly:

app.configure(function() {
    app.use(express.cookieParser('secret message')); // secret it set here in new version of express or connect
    app.use(express.bodyParser());
    app.use(express.session());
    app.use(passport.initialize());
    app.use(passport.session());
});

When the request is made to "login" with the correct credentials:

app.post('/api/login', passport.authenticate('local'), function (req, res, next) {
    console.log(req.session.passport);  // {"user":"5259f2739d4323000a000003"}
});

req.session.passport is populated:

"passport": {"user":"5259f2739d4323000a000003"}

However, when a call is made to:

app.post('/api/checklogin', function (req, res, next) {
    console.log(req.session.passport);  // {}
})

req.session.passport is lost:

"passport":{}

Both times, req.session looks like this:

{"cookie":{"originalMaxAge":null,"expires":null,"httpOnly":true,"path":"/"},"passport":{}}

** Passport object is obviously different though, as described above

I assume I have configured serializeUser correctly, because it correctly sets this property.

I am not completely sure how Passport creates session cookies, and how these cookies can persist.

I assume that req.session.passport is supposed to retain the user property, but it seems that the Passport object either:

1. Resets on every call
2. Does not actually save the Passport property in the session
3. The session is never created

I fear that I may be overlooking something large -- possibly something that I may need to do that Passport doesn't handle directly for me.

I do not know of any way to test if the session is created by Passport.

Any advice or help is really appreciated. This has been a multiple day struggle.

Answer 1

Are you using a cluster setup? If so, you need to stop using the default MemoryStore, and switch to something like connect-redis, so different instances of your app can access the shared session data.