TTC
Theo's Typesafe Cult3y ago
venego

passportjs sends a cookie on each request

thank you in advance I use this lib called passportjs, I know it doesn't make any sense to use it in a simple authentication method like this, how ever, it seems like it's setting an http cookieon each request, even if the requested route doesn't exist. basically I know that the setCookie header is included once you change the session object. so why passportjs does that? I spend to much time dealing with the problems of this lib while I could just use express-session and do more than this simple authentication. so here is the implementation of the lib: did I forget another thing that is not in the docs? 
app.use(
    session({
        secret: process.env.SECRET,
        saveUninitialized: true,
        resave: true,
        cookie: { maxAge: 1000 * 60 * 60 * 24, path: '/', secure: false, httpOnly: false },
        store,
    })
);

passport.use(localStrategy);
passport.serializeUser((usr, done) => {
    done(null, usr);
});
passport.deserializeUser((usr, done) => {
    done(null, usr);
});

app.use(passport.initialize());
app.use(passport.session());
app.use(
    session({
        secret: process.env.SECRET,
        saveUninitialized: true,
        resave: true,
        cookie: { maxAge: 1000 * 60 * 60 * 24, path: '/', secure: false, httpOnly: false },
        store,
    })
);

passport.use(localStrategy);
passport.serializeUser((usr, done) => {
    done(null, usr);
});
passport.deserializeUser((usr, done) => {
    done(null, usr);
});

app.use(passport.initialize());
app.use(passport.session());
and here is the only route I use it's middleware: 
  router.post('/login', passport.authenticate('local'), (_, res)=>{res.json({msg: 'loged in'})});
  router.post('/login', passport.authenticate('local'), (_, res)=>{res.json({msg: 'loged in'})});
0 Replies
No replies yetBe the first to reply to this messageJoin

Did you find this page helpful?