req.login redirect is done before the user info is saved in the session #401

Open
franckl opened this issue Aug 21, 2015 · 5 comments

franckl commented Aug 21, 2015

I have a simple login page with local auth and custom callback.
When the login is successful, I redirect the user to the main page and check if (req.isAuthenticated()) is true.
50% of the time, req.isAuthenticated() returns false. It seems that the redirect is happening before the session information is updated. I didn't notice this issue when I was using the standard local auth options without custom callback.

Any idea?

    self.app.post('/login', function (req, res, next) {
        passport.authenticate('local', function (err, user, info) {
            if (err) {
                return next(err);
            }

            var sanitizedEmail = validator.escape(req.body.username);
            if (!user) {
                req.flash('error', 'Wrong email or password');
                req.flash('emailL', sanitizedEmail);
                return res.redirect('/login');
            }
            req.logIn(user, function (err) {
                if (err) {
                    return next(err);
                }
                return res.redirect('/main/');
            });
        })(req, res, next);
    });

@chriswininger

Yeah, I've seen this same issue. There is a workaround posted in this ticket: #306.

Basically they suggest saving the session manually and waiting for the save callback before hitting your redirect. That is what we are now doing, but I can't say I love that solution. Anyone more familiar with the passport code know of a better way to address this? Is there a second callback or event we can listen for? Should not req.logIn wait for the session save to finish before hitting the callback? Thoughts?

@rhzs

rhzs commented Nov 7, 2015

@franck34 I have the same issue too here. +1

@saiichihashimoto

Lol, issue 401

@mckenzieja

Still an issue for me. Cannot find a fix for it. Implementing the hack.

@strong0588

I do have a similar problem of req.user not being saved properly on the Redis database.
Apart from doing req.session.save, what works for me is to set saveUninitialized to false.

The reason behind the problem is that the user sends more than 1 request almost at the same time to my API server, one for authentication/login and the others for retrieving data. As a result, more than 1 cookie is being set on the client side. When the client sends subsequent requests to the server, the server somehow parses one of the cookies which does not contain the user info in the session store.
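
Added example, not part of the original thread and not passport or express-session code: a small model of the race reported in the issue and of the save-then-redirect workaround mentioned in the comments above. The `simulate` function, its latency parameters and the session id are assumptions made for illustration; `req.save` stands in for the `req.session.save` call named in the thread.

```javascript
// Added model, not passport or express-session code; every name is an assumption
// of this example. A virtual clock replaces real store and network latency.
function simulate(loginHandler, storeLatency, clientLatency) {
  const SID = 'sid-constructed';    // constructed session id
  const queue = [];                 // pending events: { at, fn }
  const store = new Map();          // persisted sessions, as an external store holds them
  let now = 0;
  let authenticated = null;
  const later = (ms, fn) => queue.push({ at: now + ms, fn });
  const req = {
    session: {},
    // Like req.logIn in the issue: updates the in-memory session, then calls back.
    logIn(user, cb) { this.session.passport = { user: user.id }; cb(null); },
    // Like req.session.save(cb): the write lands only after storeLatency.
    save(cb) {
      const snapshot = JSON.stringify(this.session);
      later(storeLatency, () => { store.set(SID, snapshot); cb(null); });
    },
  };
  const res = {
    // The browser follows the redirect; the next request reloads the session from the store.
    redirect() {
      later(clientLatency, () => {
        const loaded = JSON.parse(store.get(SID) || '{}');
        authenticated = Boolean(loaded.passport && loaded.passport.user);
      });
    },
  };
  loginHandler(req, res);
  while (queue.length > 0) {        // run events in timestamp order
    queue.sort((a, b) => a.at - b.at);
    const event = queue.shift();
    now = event.at;
    event.fn();
  }
  return authenticated;             // what req.isAuthenticated() would report on /main/
}

// Pattern from the issue: the save is still in flight when the redirect goes out.
function redirectImmediately(req, res) {
  req.logIn({ id: 42 }, () => { req.save(() => {}); res.redirect('/main/'); });
}

// Workaround from the thread: redirect only from inside the save callback.
function redirectAfterSave(req, res) {
  req.logIn({ id: 42 }, () => {
    req.save((err) => { if (err) throw err; res.redirect('/main/'); });
  });
}
```

In this model `simulate(redirectImmediately, 20, 5)` ends unauthenticated while `simulate(redirectImmediately, 2, 5)` succeeds, which is the intermittent behaviour described in the issue; `redirectAfterSave` succeeds for either latency.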
