Please make sure you are using the latest version of passport (0.2.1 at the time of writing).
Try passing { session: false } as the second parameter to your req.logIn() function:
// Route handler using passport's custom-callback form: the callback given to
// passport.authenticate() receives (err, user, info) and decides the response itself.
// NOTE: the snippet is cut off on the page after the req.logIn() callback opens.
app.get('/login', function (req, res, next) {
  passport.authenticate('local', function (err, user, info) {
    // Hand any error to the next error-handling middleware.
    if (err) { return next(err); }
    // `user` is falsy: send the client back to the login page.
    if (!user) { return res.redirect('/login'); }
    // { session: false } is passed to req.logIn() here, not to passport.authenticate().
    req.logIn(user, { session: false }, function (err) {
Cause:
At first glance, passing { session: false } to passport.authenticate() seems reasonable, because the source code for this method looks like this:
// Thin wrapper: forwards `strategy`, `options` and `callback` unchanged to
// this._framework.authenticate(), passing the authenticator itself as the first argument.
// Nothing in this function reads options.session.
Authenticator.prototype.authenticate = function(strategy, options, callback) {
  return this._framework.authenticate(this, strategy, options, callback);
};
So it looks as though the second parameter should be honored. But if you follow the chain of function calls, you will find that the session attribute of the options parameter is completely ignored: there is no reference to options.session inside the
this._framework.authenticate(this, strategy, options, callback);
function.
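So basically you want to pass it to the req.logIn() function instead. The source code for this function is as follows; note that with session disabled it only sets the user on the current request and never calls serializeUser: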
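/**
 * Quoted passport source: marks `user` as the logged-in user on the current
 * request and, unless sessions are disabled, serializes the user into the
 * passport session.
 *
 * Line breaks are restored here; on a single line the `//` comment below
 * would comment out the rest of the function.
 *
 * @param {Object} user - The authenticated user to attach to the request.
 * @param {Object|Function} [options] - Options object; `options.session`
 *   is treated as `true` when undefined. May be omitted, in which case this
 *   argument is taken as the callback.
 * @param {Function} [done] - Callback; receives the error if serializeUser fails.
 * @throws {Error} If `this._passport` is not set (passport.initialize() not in use).
 */
req.logIn = function(user, options, done) {
  if (!this._passport) throw new Error('passport.initialize() middleware not in use');

  // Support the two-argument form logIn(user, done).
  if (!done && typeof options === 'function') {
    done = options;
    options = {};
  }
  options = options || {};

  // The request property that holds the user defaults to 'user'.
  var property = this._passport.instance._userProperty || 'user';
  // Sessions are on by default; only an explicit falsy `session` turns them off.
  var session = (options.session === undefined) ? true : options.session;

  this[property] = user;
  if (session) {
    // HERE! It will not try to serialize anything if you pass {session: false}
    var self = this;
    this._passport.instance.serializeUser(user, function(err, obj) {
      // On failure the user is cleared from the request again before reporting the error.
      // NOTE(review): `done` is called unguarded in this branch, while the else
      // branch below guards it with `done && done()`.
      if (err) { self[property] = null; return done(err); }
      self._passport.session.user = obj;
      done();
    });
  } else {
    // No serializeUser call and nothing written to this._passport.session:
    // the user is attached to this request object only, so nothing in this
    // function persists the login beyond the current request.
    done && done();
  }
}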
P.S. Please consider installing npm dependencies with npm install [package-name] --save instead of creating package.json manually; npm will then automatically select the latest stable version.