req.user clears after 1-2 minutes using passport.js

Question

I am having an issue with my app with the req.user persisting. After a successful login/serializeUser etc, I can see the req.user in the saved, and the application works as desired for about 1-2 minutes. After that, the req.user clears to undefined. I'm using currently using react and calling a method to the server to confirm there is a req.user on componentDidMount. I have no idea why and I'm pretty new to this.

In my server.js:

app.use(bodyParser.json())

// Sessions
app.use(
express-session({
    secret: 'feedmeseymour',
    cookie: { maxAge: 60000 },
    store: new MongoStore({ mongooseConnection: dbConnection }),
    resave: false,
    saveUninitialized: false
})
)
// MIDDLEWARE
app.use(morgan('dev'))
app.use(
bodyParser.urlencoded({
    extended: false
})
)
app.use(bodyParser.json())
app.use(express.static('public'));
app.use(cors());
app.use(bodyParser.urlencoded({extended: true}));
app.use(bodyParser.json());
// Passport
app.use(passport.initialize())
app.use(passport.session())

My login route:

router.post(
    '/',
    function (req, res, next) {
        console.log('Received login information. Username: ' + req.body.username)

        const {errors, isValid } = validateLoginInput(req.body);

        if (!isValid) {
          return res.status(400).json(errors);
        }

        next()
    },
    passport.authenticate('local', {failWithError: true }),
    function (req, res, next) {
          console.log('req.user in the backend: ' + req.user);
        var userInfo = req.user
        res.send(userInfo);
    },
    function (err, req, res, next) {
      res.status(401).send({ success: false, message: err })
    }
)

passport.serializeUser/deserialize methods:

passport.serializeUser((user, done) => {
    console.log('*** serializeUser called, user: ')
    console.log(user) // the whole raw user object!
    console.log('---------')
    done(null, { _id: user._id })
})

// user object attaches to the request as req.user
passport.deserializeUser((id, done) => {
    console.log('DeserializeUser called')
    User.findOne(
        { _id: id },
        'username',
        (err, user) => {
            console.log('*** Deserialize user, user:')
            console.log(user)
            console.log('--------------')
            done(null, user)
        }
    )
})

called on componentDidMount:

getUser() {
      axios.get('/users').then(response => {
        if (response.data.user) {
          this.setUser(true, response.data.username, response.data.super);
        }
        else {
          console.log('no user is logged in')
          this.setUser(false, null, false);
        }
    })
    }

Which calls this route in the back:

router.get('/', (req, res, next) => {
  console.log('req.user:');
  console.log(req.user);
  console.log('------------');
  console.log('req.session:');
  console.log(req.session);
  console.log('------------');
    if (req.user) {
      User.findOne({ _id: req.user._id }, (err, user) => {
          if (err) {
              console.log('logged user retrieval error: ', err)
          } else if (user) {
              console.log('found user from _id: ' + user);
              res.json({ user: req.user, super: user.super })
          }
        })
    } else {
        res.json({ user: null })
    }
})

req.user exists in the back for about 1-2 minutes and then it goes to undefined. I am storing the user in a store in mongodb, and I can see the session still exists there too.

the req.user is saved with information. In a minute, this will change to undefined:

req.user:
{ _id: 5b7ded93525742053a6dd155, username: 'admin' }
------------
req.session:
Session {
  cookie: 
   { path: '/',
     _expires: 2018-09-09T07:10:22.902Z,
     originalMaxAge: 60000,
     httpOnly: true },
  passport: { user: { _id: '5b7ded93525742053a6dd155' } } }
------------

Answer 1

cookie: { maxAge: 60000 }

That's 60.000 milliseconds, or 60 seconds. Exactly the 1 minute you're describing.

Answer 2

Try storing the user in the session object of the request. This way it works for me.