req.logIn() never sets cookie-session in the latest version of passport(0.6.0)

[jatin-vl]

Hi, I have an express route for email verification that should login the user

/**

• Server accepts a token and logs user in.
  */

After successful business flow, In last I want the user to be automatically logs in to the application to access other endpoints but req.logIn never sets cookie-session-based session manager in the latest version of passport(0.6.0).

const xyzSession: IxyzSession = {
id: prospect.$id(),
email: prospect.email,
orgDomain: prospect.org_domain,
};

req.logIn(xyzSession, function (err) {
Logger.info(
'---------------------xyzSession creation initiated---------------------',
prospect.email,
);

            if (err) {
                return next(err);
            }

});

It works fine with passport 0.5.3 version, please let me know is there any work-around that can resolve this issue with passport(0.6.0), as passport(0.5.3) is vulnerable.

[PhelixTaken]

I have the same issue. When I call req.logIn, it saves the session into the session store, but it does not send the cookie to the client in production.

[chungtrannam]

The reason of missing the cookie-session is because:

In version 0.6.0, the req.login function is asynchronous, and the callback function returns after the request is finished.

To fix this issue, we need to wait for req.login promise and then return the result to the client.