expressjs passport mongodb session not found

Question

I use passport.js + express.js + mongodb, I think it is a very descent way to implement server authentication, however, I found some weird.

To setup the session storage:

  // CookieParser should be above session
  app.use(cookieParser());
  app.use(cookieSession({ secret: 'secret' }));
  app.use(session({
    resave: true,
    saveUninitialized: true,
    secret: pkg.name,
    store: new mongoStore({
      url: config.db    
    })
  }));

  // use passport session
  app.use(passport.initialize());
  app.use(passport.session());

Then, whenever I log in, I check my mongodb, but find no sessions collection.

Anyone knows why?

Thanks.

Answer 1

You are using the cookie-session module and the express-sesion module. These two middlewares are fighting each other. Both modules implement sessions, and you need to use only one of the two. cookie-session storers sessions in cookies, and in your case express-session will store your sessions in Mongo. Which one you choose is up to your application requirements.

The details around your issue are that, since its first in middleware stack, cookie-session is creating a req.session property. Then the express-session code sees that this property already exists and decides to do nothing. This is why Mongo is not showing sessions.

Answer 2

I may be wrong, but from what I understand the the user session created by passport js is not stored in the db. When a sessions begins it will go to your db and grab the user info. If the user info exists then it will attach the session to req.user. At no point does it actually save the session to the db unless you add custom functionally to store session info once the session is initalized. Maybe this article will help you understand a bit more what is going on. If you would like to save the session info maybe create a model that will accept the information stored in a req.user and have it save once a session has began.