I am using Express sessions to manage users who sign in through Google and Facebook. A user is logged out after clicking the logout link or visiting the /logout URL. However, all of a sudden, if I log in with two different Google accounts, I still see the old user maintained in req.user, and all users are loaded with the details of that same req.user. What might I have done wrong here?
Here is my config
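// Session signing secret. It is read from the environment instead of being
// written in source: anyone who knows this value can forge signed session
// cookies, and a literal such as "keyboard cat" is a widely copied example
// value. SESSION_SECRET is the variable name chosen here; startup fails
// loudly when it is missing rather than running with a guessable secret.
var sessionSecret = process.env.SESSION_SECRET;
if (!sessionSecret) {
  throw new Error("SESSION_SECRET must be set to a long random value");
}

// Sessions are persisted in the "sessions" collection of the database at dbUrl.
var store = new MongoDBStore({
  uri: dbUrl,
  collection: "sessions",
});

app.use(
  session({
    secret: sessionSecret,
    resave: false,
    // Do not create a session (and send a cookie) for visitors who have not
    // stored anything yet, e.g. anonymous requests before login.
    saveUninitialized: false,
    store: store,
    cookie: {
      // Keep the session id out of reach of page scripts.
      httpOnly: true,
      // "lax" still sends the cookie on the top-level redirect back from the
      // identity provider, but not on cross-site subrequests.
      sameSite: "lax",
      // Mark the cookie Secure whenever the connection is seen as HTTPS.
      // NOTE(review): behind a TLS-terminating proxy this depends on the
      // app's "trust proxy" setting - confirm for the deployment.
      secure: "auto",
    },
  })
);
app.use(methodOverride());
// express-session reads its own cookie and does not need cookie-parser; its
// documentation warns that a cookie-parser secret that differs from the
// session secret can cause issues, so the same value is used for both.
app.use(cookieParser(sessionSecret));
app.use(passport.initialize());
// passport.session() is the same middleware as passport.authenticate("session"),
// so it is registered once; registering both repeats the session lookup and
// deserializeUser on every request.
app.use(passport.session());
// Expose the authenticated user (if any) to templates for this response only.
app.use(function (req, res, next) {
  res.locals.session = req.user;
  next();
});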
Here are my auth routes
// GET /logout: end the Passport login for this request and go back to the
// home page. A failure reported by req.logout is passed to the Express error
// handler instead of redirecting.
// NOTE(review): as a GET route this can be triggered by any link or embedded
// resource on another site, which signs the user out without their intent;
// a POST with CSRF protection is the usual hardening.
router.get("/logout", function handleLogout(req, res, next) {
  function afterLogout(logoutError) {
    if (!logoutError) {
      res.redirect("/");
      return;
    }
    next(logoutError);
  }

  req.logout(afterLogout);
});
// Google authentication.
// NOTE(review): the Google strategy configuration is not shown here; confirm
// there that the OAuth `state` check is enabled so the callback only accepts
// responses to logins this app started.

// Step 1: send the browser to Google, asking for the e-mail and profile scopes.
var startGoogleLogin = passport.authenticate("google", {
  scope: ["email", "profile"],
});
router.get("/auth/google", startGoogleLogin);

// Step 2: Google redirects back here; Passport completes the login and then
// redirects to the dashboard on success or to the login page on failure.
var finishGoogleLogin = passport.authenticate("google", {
  successRedirect: "/dashboard",
  failureRedirect: "/login",
});
router.get("/auth/google/callback", finishGoogleLogin);
// Facebook authentication.

// Step 1: send the browser to Facebook, asking for e-mail and public profile.
var facebookScopes = ["email", "public_profile"];
router.get(
  "/login/facebook",
  passport.authenticate("facebook", { scope: facebookScopes })
);

// Step 2: Facebook redirects back here. On failure Passport redirects to the
// login page (failureMessage asks it to record the failure message in the
// session); on success the next handler runs and sends the user on.
function goToDashboard(req, res) {
  res.redirect("/dashboard");
}

router.get(
  "/oauth2/redirect/facebook",
  passport.authenticate("facebook", {
    failureRedirect: "/login",
    failureMessage: true,
  }),
  goToDashboard
);
Here is my passport serialize and deserialize user
// Only the user's database id is written into the session, so the session
// record never carries profile data.
passport.serializeUser(function storeUserId(user, done) {
  var userId = user._id;
  done(null, userId);
});

// On each request with a logged-in session, look the user up again by the id
// kept in the session; the lookup's error and result are passed straight to
// Passport.
passport.deserializeUser(function loadUserById(id, done) {
  function onLookup(lookupError, foundUser) {
    done(lookupError, foundUser);
  }

  User.findById(id, onLookup);
});
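I had this problem too and solved it. I was reading from req.sessionStore.sessions, but the only correct approach is to use req.user and nothing else: the session store holds every user's session, so reading from it is not scoped to the user making the current request. For more info, see "Express Passport.js: req.user VERSUS req.session.passport.user".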