req.session.passport and req.user blank, and req.isAuthenticated returns false after the initial successful login using passport-facebook

After the initial successful login from Facebook and the callback redirection of the username using passport-facebook 1.0.3 and express 4.6.1, req.session.passport and req.user contain the value set during the serialization call (which I get from the strategy), but on subsequent visits to different routes on the site, req.session.passport and req.user are empty, and req.isAuthenticated() returns false, so after the initial successful login to the FB system, the secureAuthentication method on all other routes fails. I don’t use cluster configuration, so I think that there is enough memory to handle this, and the express configuration looks fine (I mean the order). Here is my express configuration:

    configExpressApp.set('views', './views');
    configExpressApp.set('view engine', 'jade');
    configExpressApp.use(morgan('dev'));
    configExpressApp.use(cookieParser());
    configExpressApp.use(bodyParser.urlencoded({
        extended: true,
    }));
    configExpressApp.use(bodyParser.json());
    configExpressApp.use(expressSession({
        secret: 'MyExpressSecret',
        saveUninitialized: true,
        resave: true
    }));
    configExpressApp.use(passport.initialize());
    configExpressApp.use(passport.session());
    configExpressApp.use(methodOverride());
    configExpressApp.use(express.static('./public'));

Here is the req.session object upon initial successful login and redirection. req.user contains the same data as req.session.passport.user.

    { cookie:
       { path: '/',
         _expires: null,
         originalMaxAge: null,
         httpOnly: true },
      passport:
       { user:
          { _id: 53ce23e3121421f229a438f8,
            info: false,
            loginType: 'fb',
            fbId: 'MyId',
            name: 'Karthic Rao',
            email: 'kartronics85@yahoo.com' } } }

This is the information that was previously associated with the done() callback inside the strategy, as well as inside the serialization call. After a successful login and callback, I use res.redirect to redirect the user to another route, but the requests coming from this route contain sessionID (so I don't think this is a problem with the session store), but the req.user field does not exist (maybe because the passport.initialize() and passport.session() middlewares do not find a request for authentication), and the req.session.passport field is empty. Here are the details from the console.log of the req object:

    sessionID: 'I9R1c3PIYgDW5OpWbNT7qb02Hn4lOeAB',
    session:
     { cookie:
        { path: '/',
          _expires: null,
          originalMaxAge: null,
          httpOnly: true },
       passport: {} },

Here is my deserialization method

    passport.deserializeUser(function(user, done) {
        console.log('deserialize loginType facebook');
        db.collection("users").findOne({ fbId: user.id }, function(err, docs) {
            console.log(docs);
            done(err, docs);
        });
    });

Here is my serialization method

    passport.serializeUser(function (user, done) {
        console.log(user);
        done(null, user);
    });

This creates a big obstacle to my development, how can I figure it out?

+8
authentication express passport-facebook
1 answer

Well, if you could add the code in which you are using your strategy (this should be in the middleware), this will give us a complete picture of the problem, because we need to know which object was sent to serializeUser.

(Very) basically, when a user tries to authenticate, everything happens like this:

  • Passport tries to authenticate the user on Facebook servers.
  • If this succeeds, the callback function (or successRedirect) is called with an object containing user details.
  • Passport then makes a req.login call to store information about the user in the session.
  • Then serializeUser is called and effectively stores the data that you specified in the session.

BUT from the code you posted, I suspect that in your deserializeUser, user.id is undefined, because the user object that is stored in the session uses an ID field called _id, not id.

If you change

  db.collection("users").findOne({ fbId: user.id 

to

 db.collection("users").findOne({ fbId: user._id 

 db.collection("users").findById(user._id, [fields],[options],[callback]); 

I think it should work.

EDIT: I edited my answer based on @BrandonZacharie's comment, which indicates an error in my code.

+9
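
The failure discussed in this thread, reproduced without Passport or MongoDB as an added example (not code from the question or the answer). The `users` array, `findOne`, `laterRequest` and the sample record are constructed stand-ins, and the corrected pair goes one step beyond the answer by keeping only the primary key in the session instead of the whole profile.

```javascript
// Constructed stand-in for db.collection("users"); the record is shaped like
// the session dump on this page, with made-up _id and fbId values.
const users = [
  { _id: 'u-1001', fbId: 'fb-2002', loginType: 'fb', name: 'Test User' },
];

// Callback-style lookup that yields null when nothing matches, like findOne.
function findOne(query, cb) {
  const doc = users.find((u) =>
    Object.keys(query).every((k) => u[k] === query[k])) || null;
  cb(null, doc);
}

// The pair from the question: the whole user object goes into the session
// and is then looked up by user.id, a field the stored object does not have.
const asPosted = {
  serialize: (user, done) => done(null, user),
  deserialize: (user, done) => findOne({ fbId: user.id }, done),
};

// Corrected pair: store only the primary key and load the user by it.
const byPrimaryKey = {
  serialize: (user, done) => done(null, String(user._id)),
  deserialize: (id, done) => findOne({ _id: id }, done),
};

// Simulates a login followed by a later request. The serialized value is JSON
// round-tripped the way a session store would keep it, then deserialized.
// When deserialize yields no user, Passport drops session.passport.user and
// leaves req.user unset; that behaviour is mirrored here.
function laterRequest(pair, loggedInUser) {
  const session = { passport: {} };
  pair.serialize(loggedInUser, (err, value) => {
    if (err) throw err;
    session.passport.user = value;
  });
  const stored = JSON.parse(JSON.stringify(session));
  const req = { session: stored, user: undefined };
  pair.deserialize(stored.passport.user, (err, user) => {
    if (err) throw err;
    if (!user) delete stored.passport.user;
    else req.user = user;
  });
  return req;
}

const broken = laterRequest(asPosted, users[0]);
const fixed = laterRequest(byPrimaryKey, users[0]);
console.log(broken.session.passport, broken.user, fixed.user.name);
```

With a real MongoDB collection the `_id` read back from the session is a string and has to be converted to an ObjectId before it is used in the query.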