node.js express session http-redirect session-cookies

Express Js Cant Redirect

I am building a simple app with has 2 pages i.e login, and a protected page. i have a middleware which checks if the user is logged in on trying to access the route /protected if the user is logged in, he is granted access else redirected to /login

if the passwords match, the user is now given a session and redirected to /protected my codes doesnt work, it keeps redirecting me to /login instead of /protected even tho the login details are coorect

here is my code

const express = require('express');
const app = express();
const port = 8080;
const mongoose = require('mongoose');
const bodyParser = require('body-parser');
const multer = require('multer');
const upload = multer();
const session = require('express-session');
const cookieParser = require('cookie-parser');
mongoose.connect("mongodb://localhost/Barclays_Bank", 
{useUnifiedTopology:true,useNewUrlParser:true,useFindAndModify:false,useCreateIndex:true});
app.set('view engine','pug');
app.set('views','./views');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(upload.array());
app.use(cookieParser());
app.use(session({secret:"secret",cookie:{maxAge:60000},resave:true, saveUninitialized:true}));

var staffschema = mongoose.Schema({
email:{
    type:String,
    unique:true,
},
password:{
    type:String,
    password:String,
}
})
var staff = mongoose.model("staff",staffschema);
 //Route To Render login Page
app.get('/login',(req,res)=>{
res.render('login');
});

//Route To Handle Post request on login page
app.post('/login',(req,res)=>{
staff.findOne({email:req.body.email})
.then((result)=>{
        if(req.body.password === result.password){
            req.session.currentstaff = staff;
            res.redirect('/login');
    }
    else{
        console.log('User Not Found!!!');
    }
})
.catch((err)=>{
    console.log("Error!!!");
})
})

//Middleware Function 
ensureIsLoggedIn =(req,res,next)=>{
if(req.session.currentstaff){
    next();
}else{
    res.redirect('/login');
}
};

//Route To Render Protected Page
app.get('/protected',ensureIsLoggedIn,(req,res)=>{
res.render('protected');
})

//Route to handle post request on logout
app.post('/logout',(req,res)=>{
req.session.destroy((err)=>{
    res.redirect('/login');
    console.log('User loggedout');
})
})

//port
app.listen(port,()=>{
console.log('App is running...');
})

Solution

Looks like you are redirecting the user to the /login route even after they are successfully logged in here

if(req.body.password === result.password){
 req.session.currentstaff = staff;
 res.redirect('/login'); // you should redirect the user to the '/protected' route
}