
Unable to login user from a different app

Open netlander opened this issue 8 years ago • 5 comments

Encountered an issue with passport local authentication policy using this plugin where I have registered a user on one express app but when I try to login the same user from a different app/site it seems not possible.

Tried also creating a user in the second app with the same result, i.e. not able to authenticate the new user in the first express app.

netlander, Apr 19 '16 18:04

Inherent problem with passport-local-mongoose whereby it's only useful for a single app deployment due, I think, to the salt/hash or whatever the plugin pushes to the database.

netlander, Apr 24 '16 11:04

Interesting, I launched my app on 2 different ports on the same machine and I can login from any app. So I really don't understand why you can't do the same.

riyadhzen, May 20 '16 09:05

I just tested on 2 machines and everything is running OK.

riyadhzen, May 20 '16 10:05

The problem occurs when deploying two or more completely different apps (not two instances of the same app).

netlander, Jun 12 '16 11:06

Could it be that the two different apps are running on two different node.js versions? If this is true, try to specify the `digestAlgorithm` in the app running on node.js >= 0.12 as `sha1`. Background: With node.js 0.12 the pbkdf2 crypto API in node.js got a new option for specifying digests. Since sha1, the old default, is not seen as too secure for this use case, passport-local-mongoose decided to switch to sha256 as default in some newer versions. This results in the situation where app1 creates hashes with sha1 while app2 creates hashes with sha2. When comparing the hashes for the same password and salt, these two will not match. Obviously.

saintedlama, Jun 12 '16 13:06
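
The digest mismatch described in the last comment, as an added example that is not part of the original thread and is not passport-local-mongoose's own code. The helper names (`deriveHash`, `register`, `verify`, `demo`), the iteration count, the key length and the sample password are assumptions made for the illustration; only `crypto.pbkdf2Sync`, `crypto.randomBytes` and `crypto.timingSafeEqual` are real Node.js APIs.

```javascript
// Added illustration: two apps share one user record but use different PBKDF2 digests.
const crypto = require('crypto');

// Assumed demo parameters; every app reading the same records must agree on them.
const ITERATIONS = 25000;
const KEYLEN = 64;

// Hypothetical helper: derive a hex-encoded PBKDF2 hash for a password and salt.
function deriveHash(password, salt, digestAlgorithm) {
  return crypto
    .pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, digestAlgorithm)
    .toString('hex');
}

// Hypothetical helper: the registering app stores a random salt and the hash.
function register(password, digestAlgorithm) {
  const salt = crypto.randomBytes(32).toString('hex');
  return { salt, hash: deriveHash(password, salt, digestAlgorithm) };
}

// Hypothetical helper: any app re-derives the hash and compares in constant time.
function verify(record, password, digestAlgorithm) {
  const candidate = Buffer.from(deriveHash(password, record.salt, digestAlgorithm), 'hex');
  const stored = Buffer.from(record.hash, 'hex');
  return candidate.length === stored.length && crypto.timingSafeEqual(candidate, stored);
}

function demo() {
  const password = 'correct horse battery staple'; // constructed sample value
  const record = register(password, 'sha1');       // app 1: old default digest
  return {
    // app 2 on the newer default: same password and salt, different digest
    app2DefaultSha256: verify(record, password, 'sha256'),
    // app 2 with the digest pinned to match app 1
    app2PinnedSha1: verify(record, password, 'sha1'),
    // a wrong password still fails once the digests agree
    wrongPassword: verify(record, 'not the password', 'sha1'),
  };
}

console.log(demo());
```

Because the stored record carries only the salt and the hash, a login rejected for a digest mismatch looks the same as a wrong password, which is why every app sharing the user collection has to set the same digest explicitly.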