New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
req.user is undefined, passport not working with Express 4.0 #244
Comments
Had isses with express-session. I switched to expressjs/cookie-session and seems to be working fine with express@4.42, passport@0.2.0, passport-persona |
can u post the post function where u authenticate the user? Had same issue with custom callback authentication - but not with flash Authentication (flash not works but session will be set with user infos). |
There is another issue for this in #222... |
I had this problem. The fix was to add the express-session secret into the cookie parser. problem solved. So the fix for above would be: app.use(cookieParser('foo')); notice the cookie parser now contains the session secret. |
I had this issue. The problem was really that I was trying to access a redis db number I didn't have access to. When I removed the db from my redis config, it worked again. |
The issue for me was that I was not consistent in linking through my site. Make sure you either prefix ' www.' everywhere or nowhere, or a new session will be started for the two! |
I had the same issue. Turns out it was a dependency issue with express-sesssion. From the Passport site:
|
Putting express.session() before passport.session() fixed the issue for me, thanks. |
+1 |
1 similar comment
+1 |
If you're using the window.fetch method to send requests to your server, you have to include 'same-origin credentials in your request. See the example below.
|
Watch out cookie property with 'secure' value if not in under https protocol req.user will be undefined. |
Big thanks @valerieernst ! |
@valerieernst HUGE THANK YOU!!!! A ton of Googling and your advice got my stuff working. |
@valerieernst thanks! |
omg @SaydChada thank you so much! I've been stuck for ages, and it was this one line of code driving me insane. |
@valerieernst You are a saint, thank you so much for this small yet absolutely essential piece of information. Here is Github Gold. No wait, but I'll subscribe to your channel. Or follow your feed. +1 your post, whatever, have all the upvotes! |
In case someone is having this problem due to nginx as ssl proxy to express. |
Guys, since you are using a custom callback to handle success/failures, it becomes the application's responsibility to establish a session . So we need to set req.session.user = {...} in the strategies. I added a new route to keep using "req.user":
|
There's a suttle bug with |
It seems to me the real bug here isn't that It seems like at least the majority of the above cases could be caught. For instance, if passport sees two sessions for identical URLs except one has I would imagine these warnings would be very easy to implement, but they also sound like they'd be hugely valuable. After just losing half a day to the |
@machineghost You can always do a PR yourself! 😉 |
As I said, I'd be happy to, but I never waste time on PRs that maintainers don't want. Until a project maintainer indicates that such a warning would actually be desired I'll hold off. |
I had same issue, both with req.isAuthenticated() and req.user, here is how I resolved
resolved by replacing findOne() with find() in findById() method inside deserialize(), then I could save authenticated req, else it was returning nothing.
resolved by adjusting order, first express-session should be stored then passport should be initialized then next session store in passport.session() and after that we can access req.user, after saving session in passport.session()
|
I have a problem if anybody here could help, please. In my case, cookies are being saved to the browser but they are not being used. I know this because my app doesn't go to a state of logged-in. I just keep getting redirected to google's site every time. I am using passport's google strategy. |
@crsrusl This worked for me. Before this, I had to manually set |
I, too, had this problem, and @SaydChada's hint got me pointed in the right direction:
Also note that if you do indeed want to request a secure cookie be sent to the browser (s/b typical, IMHO), but you're using
In my case, I'm running in Google App Engine, configured for TLS/SSL only, which terminates TLS upstream. See also: https://github.com/expressjs/session#cookiesecure |
in my case, i use this config, resolveded the problem |
Thank you @asdkazmi !!! Adding these below the express session use in app.js did the trick for me here in March 2024 :-) |
I use passport@0.2.0 and passport-local@1.0.0.
req.user is alway undefined and so req.isAuthenticated() also not working.
Here is my express-setup:
... and passport-setup:
EDIT:
I try to find the reason of that bug and its seems its related to express-session. On every request i have a new value in req.sessionID, also no cookie will be created with the sessionID.
The text was updated successfully, but these errors were encountered: