req.isAuthenticated() is true.req.isAuthenticated() is now false.req.isAuthenticated() reads true and remains true in subsequent requests until signed out.I would say, this happens about 80% of the time. The other 20%, hompage req.isAuthenticated() is true on redirect and subsequent reloads.
I found a similar question, but I don't think the answer doesn't seem correct as pointed put by the comment and since with my setup subsequent requests are correctly authenticated until signed out.
router.post('/sign_in', (req, res) =>
{
passport.authenticate
(
'local',
(err, user, info) =>
{
if(!err && user)
{
req.logIn(user, (err) =>
{
if(!err)
{
console.log('s', req.isAuthenticated()); // <-- true
res.setHeader('Cache-Control', 'no-cache');
return res.redirect('/');
}
});
}
}
)(req, res);
}
And :
router.get('/', async (req, res) =>
{
console.log('h', req.isAuthenticated()); // <-- false ???
res.send();
}
If it matters, my session setup looks like this:
app.use
(
session
({
store : //...
secret : process.env.SESSION_SECRET,
resave : false,
saveUninitialized : true,
cookie :
{
httpOnly : false,
secure : false,
maxAge : null
}
})
);
How might this be fixed ?
The problem seems to be caused by a bug. See:
The workaround is to save session before redirecting.
req.session.save(() =>
{
return res.redirect('/');
});