Passport.js `isAuthenticated()` inconsistent behavior; false when it should be true

jamesplease

I'm using Passport to allow user logins through Google. The session is being stored in Postgres. It looks to me like I've got all of those things configured correctly. However, isAuthenticated() is returning inconsistent values.

The inconsistency happens in the success callback of being authenticated. I've configured passport to redirect to /success when the user has successfully logged in.

If the server has just been booted up (meaning nobody has tried logging in yet), then isAuthenticated() returns true for the /success endpoint.

Once that user logs out, though, if they log back in, then isAuthenticated() returns false on the /success route. If they refresh the page, then it returns true.

The /logout endpoint is also acting inconsistently. Sometimes it works the first time, while at other times the user needs to refresh.

I've looked at similar problems folks are having. In particular, the two most common problems seem to not be the case here:

  1. CORS is set (SO answer / my code)
  2. the order of my middleware seems to be correct (SO answer / my code)
  3. logIn isn't relevant since I'm not putting a custom callback (SO Answer)
  4. serialize working correctly; it's just not getting called in certain situations (SO question / explanation in here; session isn't finding su)

For the past few hours, I've been stepping through the Passport source code to try to figure this out. More information on what I've found can be read about here on the Passport repo.

The project that this is going in is open source. The middleware is being configured here:

https://github.com/jmeas/finance-app/blob/google-sign-in/server/app.js

and the Passport configuration can be seen here:

https://github.com/jmeas/finance-app/blob/google-sign-in/server/utils/configure-passport.js

Perhaps I'm missing something obvious?

jamesplease

The tl;dr is that you need to manually call save in certain browsers (like Chrome). They won't wait for the whole response before redirecting.

For more, see:

https://github.com/expressjs/session/issues/309#issuecomment-230594298

and linked issues. I walk through everything pretty thoroughly there.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

passport's req.isAuthenticated always returning false, even when I hardcode done(null, true)

Node js passport's req.isAuthenticated returns always false

Ionic + Passport isAuthenticated() returns false

Passport isAuthenticated() always returns false?

Passport isAuthenticated() always returns TRUE

Node.js, Vue.js and Passport.js. .isAuthenticated() always returns false? Axios headers possibly?

isAuthenticated always false using Javascript express and passport

PHP Bitmask says true when it should be false

regex returns false when should return true

LINQ Query returns false when it should be true

Why is if statement returning false when it should be true?

Python "==" returning False when it should return True

Bool = true when it should = false in C++

An and statement returns True when it should return False

How is req.isAuthenticated() in Passport JS implemented?

Setting up passport for the first time. isAuthenticated() always returning false

When should I return TRUE and when FALSE on DialogProc

When should I var_export(..., TRUE), when FALSE?

koa-passport w/ passport-steam: ctx.isAuthenticated() always false

Inconsistent behavior when editing JTable

IsAuthenticated is false

Null-conditional operator always true in if statement when should be false

Getting a false Boolean value when I should be getting true

Should a boolean value be truncated to either true or false when assigned?

HttpRequest.Content.IsMimeMultipartContent() is returning false when it should return true

Prolog help | how come 'tony' is true when it should be false?

momentjs isValid is returning false when it should be true and visa versa

Why is this function returning true when it should be returning false?

Chinese character comparison returning false when it should return true