Tags: node.js, express, session, passport.js, express-session

passportjs login doesn't attach passport object to session object in session store


I have run into a login problem with passportjs that has me stumped for a day now, so I can use help. I am using these versions of express & passport in my nodejs project:

"express": "~4.16.1",
"express-session": "^1.17.2",
"passport": "^0.4.1",
"passport-local": "^1.0.0",

The session store is a session-file-store.

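app.use(session({
  store: sessionStore,                  // session-file-store instance
  secret: process.env.SESSION_SECRET,   // key used to sign the session ID cookie
  resave: true,                         // write the session back to the store on every request
  saveUninitialized: true,              // also store new sessions that have not been modified
  name: sessionCookieName,
  cookie: {
    secure: true,                       // cookie is only sent over HTTPS
    maxAge: Number(process.env.SESSION_MAX_AGE),
    sameSite: 'None'                    // cookie is sent on cross-site requests; requires secure
  }
}));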

The application currently runs on my laptop (macOS), and I can log in from my iPhone/iPad without issue. The problem arises if I try to log in from the laptop itself, and neither Safari, nor Firefox, nor Chrome changes things. I notice that req.session is properly set within the req.login() function inside the passport.authenticate(), i.e., if I print out req.session within req.login() it has the passport.user.username object attached to req.session when I log in. However, the session object stored as a .json file does not update with the {passport: {user: username}} object, and therefore, subsequent requests are not acknowledged as coming from a logged-in session. This is not an issue if the login request is from outside the laptop.

router.post('/account/login', function(req, res, next) {
  passport.authenticate('local', async function(err, user, info) {
    if (err) { return next(err); }
    if (!user) {
      logger.debug(`[users] login: info = ${util.inspect(info)}`);

      let message = { success: false, title: "Login was unsuccessful!", body: info };
      return res.render('login', { title: 'App', subtitle: '', message: message });
    }

    req.login(user, function(err) {
      if (err) { return next(err); }
      return res.redirect('/');
    });

  })(req, res, next);
});

Everything was fine until yesterday when I duplicated the project directory, and did a fresh npm install of packages. [Some package versions had minor changes]. The code hasn't changed. Perhaps there was an error in my code that got exposed by some change that I have not been able to track! The login works fine if I launch the application from the previous project directory.

If I put the project on a small multipass ubuntu server on my laptop, and fire it up from there (now it has a different IP), login works fine from the laptop browsers.

I keep thinking that something changed that is causing passport not to update the session file object with the {passport: {user: username}} when the login attempt is coming from the same IP as the server.

Thanks in advance for your help and insights!


Solution

  • The next step in the investigation paid off. I went through all the packages where a newer version may have been installed by npm install, and found two relevant ones: express-session changed from 1.17.1 to 1.17.2, and session-file-store from 1.4.0 to 1.5.0. Reverting back express-session to 1.17.1 did not help, but reverting back session-file-store to 1.4.0 fixed the problem. Phew! [PS: This text was previously posted as a comment on July 30 at 17:57]
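
The package-by-package version comparison described in the answer can be scripted. The following is an added example, not part of the original post: it assumes both project directories contain a package-lock.json, and the function names installedVersions and diffLocks and the sample lockfiles are constructed for illustration.

```javascript
// Added example: list packages whose installed version differs between two
// parsed package-lock.json files (known-good copy vs. fresh install).
// Real use: JSON.parse(fs.readFileSync('<dir>/package-lock.json', 'utf8')).

// Flatten a lockfile into Map<install path, version>. Handles lockfileVersion
// 2/3 ("packages") and lockfileVersion 1 (nested "dependencies").
function installedVersions(lock) {
  const out = new Map();
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // '' is the root project; workspace links carry no version.
      if (path !== '' && meta.version) out.set(path, meta.version);
    }
    return out;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      out.set(path, meta.version);
      walk(meta.dependencies, `${path}/`); // nested (non-hoisted) copies
    }
  };
  walk(lock.dependencies, '');
  return out;
}

// Return [{ path, from, to }] for every added, removed or changed package.
function diffLocks(oldLock, newLock) {
  const before = installedVersions(oldLock);
  const after = installedVersions(newLock);
  const changes = [];
  for (const path of new Set([...before.keys(), ...after.keys()])) {
    const from = before.get(path) ?? null;
    const to = after.get(path) ?? null;
    if (from !== to) changes.push({ path, from, to });
  }
  return changes.sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed sample lockfiles; the two version changes are those named in the answer.
const oldLock = { lockfileVersion: 1, dependencies: {
  'express-session': { version: '1.17.1' },
  'session-file-store': { version: '1.4.0' },
  passport: { version: '0.4.1' } } };
const newLock = { lockfileVersion: 2, packages: { '': { name: 'app' },
  'node_modules/express-session': { version: '1.17.2' },
  'node_modules/session-file-store': { version: '1.5.0' },
  'node_modules/passport': { version: '0.4.1' } } };
for (const c of diffLocks(oldLock, newLock)) console.log(`${c.path}: ${c.from} -> ${c.to}`);
```

Once the regressing package is identified, pinning it to an exact version in package.json and installing from a committed lockfile with npm ci keeps a fresh install from drifting to a newer release within a caret range.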