I have started developing a small project with React and Redux on the client side; the backend is built with Node, Express and Passport.js. I will try to describe as best I can what I have been struggling with for some hours. After authentication, when the user is sent from the server to the client, the field req.session.passport is set, along with req.user. But on the next request, whether it is logout or, for example, /something/add, these fields are undefined.
When authenticating, serializeUser is called but deserializeUser is not, and I don't think it should be at that point; maybe I'm wrong. As far as I got in debugging the problem, req.login is called too. On the following requests it seems that Passport isn't doing anything, and I'm out of ideas and answers from SO and Google. I didn't try the custom callback.
req.session just before sending the answer to the client looks like:
Session {
cookie:
{ path: '/',
_expires: 2017-01-11T02:31:49.235Z,
originalMaxAge: 14400000,
httpOnly: false,
secure: false } }
The code on the server side is:
// Store only the user's _id in the session; deserializeUser turns it back
// into a full user object.
passport.serializeUser((user, done) => {
  const sessionKey = user._id;
  done(null, sessionKey);
});
// Look the user up again from the id that serializeUser stored in the session.
// The lookup error and the record found (if any) are handed to Passport as-is.
passport.deserializeUser((id, done) => {
  const UserModel = global.Models.User;
  UserModel.findById(id, (lookupError, record) => {
    done(lookupError, record);
  });
});
// Local (login + password) strategy. The credential check itself is delegated
// to User.logIn, which is not shown in this snippet.
// NOTE(review): confirm logIn compares against a salted password hash and
// reports bad credentials as a falsy user rather than as an error; an error
// passed to done() is treated by Passport as a server failure, not a failed
// login.
passport.use(new LocalStrategy(
  {
    usernameField: 'login',
    passwordField: 'password',
    passReqToCallback: true
  },
  (req, login, password, done) => {
    const credentials = {login: login, password: password};
    global.Models.User.logIn(credentials, (err, user) => {
      if (err) {
        done(err);
        return;
      }
      done(null, user);
    });
  }
));
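// Build the Express app: body/cookie parsing, the session store, Passport,
// then the routes registered by ./Router.
var app = express();
var router = express.Router();

// NOTE(review): express-session (since 1.5.0) reads the session cookie on its
// own. If cookie-parser stays in the chain, it should be given the same secret
// as session() below, otherwise the two can disagree about signed cookies.
router.use(cookieParser());
router.use(bodyParser.urlencoded({extended: false}));
router.use(bodyParser.json());
router.use(session({
  cookie: {
    // false is only acceptable while the app is served over plain HTTP in
    // development; behind HTTPS this must be true so the session id is never
    // sent in clear text.
    secure: false,
    maxAge: (4 * 60 * 60 * 1000), // 4 hours, in milliseconds
    // The session cookie is never read by client-side code (the browser
    // attaches it to requests by itself), so keep it out of reach of page
    // scripts: with httpOnly off, any XSS on the client can read the session id.
    httpOnly: true
  },
  secret: this._config.session.secret,
  resave: false,
  // NOTE(review): true stores a session for every visitor, including ones who
  // never log in; false is the usual setting for login sessions.
  saveUninitialized: true
}));
// Order matters: session() must run before passport.session(), which restores
// req.user from the id kept in req.session.passport.
router.use(passport.initialize());
router.use(passport.session());
require('./Router')();
app.use(router);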
The session object here is express-session. The code below is the Router.js required above:
var User = require('../Models/User');
var News = require('../Models/News');
var passport = global.Application.getInstanceOf("passport");
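/**
 * Registers the logging/CORS middleware and every HTTP route on `router`
 * (`router` and `Database` are not defined in this snippet; they have to be
 * in scope where this module runs).
 */
function setRoutes(){
  // Runs for every request: logs it, sets the CORS headers and answers
  // preflight requests.
  router.use(function (req, res, next) {
    var log = global.Application.getInstanceOf("logger");
    // X-Forwarded-For is supplied by the client unless a trusted proxy
    // overwrites it, so this value is good for logging only, never for access
    // decisions. The last fallback is guarded because req.connection.socket
    // may be undefined, which would otherwise throw.
    var clientIP = req.headers['x-forwarded-for'] ||
      req.connection.remoteAddress ||
      req.socket.remoteAddress ||
      (req.connection.socket && req.connection.socket.remoteAddress);
    log.log("info", req.method + " request from ip: " + clientIP);

    // Credentialed CORS: the allowed origin must stay an explicit value.
    // Browsers reject '*' together with Allow-Credentials, and echoing back
    // the request's Origin header would let any site use the session cookie.
    res.header('Access-Control-Allow-Origin', 'http://localhost:8080');
    res.header('Access-Control-Allow-Credentials', true);
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,PATCH,OPTIONS');
    res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With');

    if('OPTIONS' === req.method){
      // Preflight: the headers above are the whole answer.
      res.sendStatus(200);
    }
    else{
      next();
    }
  });

  router.get('/ping', function(req, res){
    res.send('ping');
  });

  // NOTE(review): this lookup is reachable without authentication and answers
  // differently for existing and unknown logins; confirm what USER_LOGIN
  // selects and that no credential material is returned.
  router.get('/login/:login', (req, res) => {
    Database.client.query(Database.queries.USER_LOGIN, {login: req.params.login}, {useArray: true},
      (err, rows) => {
        if(err){
          res.send({error: "ERROR_DATABASE"});
        }
        else{
          // An empty result set must not throw inside the callback.
          var firstRow = rows && rows[0];
          res.send(firstRow ? firstRow[0] : undefined);
        }
      });
  });

  router.post('/login', passport.authenticate('local', {session: true}),
    function(req, res){
      // Debug output: prints the session contents; remove outside development.
      console.log(req.session);
      req.session.save();
      // NOTE(review): this sends the whole user object to the client; confirm
      // it carries no password hash or other internal fields.
      res.send(req.user);
    }
  );

  router.post('/register', (req, res) => {
    // NOTE(review): the raw request body goes straight to User.create;
    // confirm the model accepts only the expected fields and hashes the
    // password.
    User.create(req.body, (err, result) => {
      if(err){
        // return, so that a failed create does not fall through to a second
        // res.send() on the same response.
        return res.send({error: "ERROR_DATABASE"});
      }
      res.send(result);
    });
  });

  // NOTE(review): logout changes state but is exposed as GET, so any page can
  // trigger it with a plain link or image request; POST is the safer verb.
  router.get('/logout', function(req, res){
    // Debug output: prints the session contents; remove outside development.
    console.log(req.session);
    req.logout();
    res.sendStatus(200);
  });

  router.post('/cms/article', isAuthenticated, (req, res) => {
    res.send("BLA");
  });

  /**
   * Route guard: lets the request through only when Passport has restored an
   * authenticated user for this session.
   */
  function isAuthenticated(req, res, next){
    // Debug output: prints the user record and session; remove outside
    // development.
    console.log(req.user);
    console.log(req.session);
    console.log(req.session.passport);
    if(req.isAuthenticated()){
      next();
    }
    else{
      // Answer with 401 instead of a 200 "OK" body, so the client can tell a
      // rejected request from a successful one.
      res.sendStatus(401);
    }
  }
}
module.exports = setRoutes;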
I have solved the problem.
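Explanation: The cookie was being sent by Express to the client, but it wasn't saved. To fix that, I had to change from $.post to $.ajax with the xhrFields option set to {withCredentials: true}. A cross-origin XHR neither stores nor sends cookies unless withCredentials is set, and the server has to answer with Access-Control-Allow-Credentials: true and an explicit (non-wildcard) Access-Control-Allow-Origin, which the router above already does.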
Aside from that, the problem could also be that cookieParser probably needs to know the cookie secret now too.