Advanced Node - Local Strategy Login

genamn · February 20, 2023, 5:33pm

I’m trying to set up a login with a passport local strategy according to the Advanced Node exercises. Every control in the strategy seems to go fine, but the “ensureAuthenticated” middleware (in routes.js) keeps returning “false” on the req.isAuthenticated() control. I think I might have some session or user serialize problem here.

Here is the replit: boilerplate-advancednode - Replit

If you try to login with the right credentials, the Local Strategy flow goes down right, but then it won’t redirect you to /profile, as you are not logged in.

kinome79 · February 21, 2023, 1:20am

Does it matter that you use bcrypt to hash the password, but it doesn’t seem that you’ve imported bcrypt (don’t you need const bcrypt=require('bcrypt'); at the top? Maybe you can’t authenticate because your passwords are unidentified.

genamn · February 21, 2023, 4:16pm

You’re right, there was a missing bcrypt at the top of routes.js, but it doesn’t seem to be the issue here, i added it and nothing changed.

Also, why there was no error promped for the missing module?

Edit: Just found what was causing the issue.
In the express-session middleware i was using cookie: { secure: true }, changing it to false solved the issue.

app.use(
  session({
    secret: process.env.SESSION_SECRET,
    resave: true,
    saveUninitialized: true,
    cookie: { secure: false },
  })
);

“Secure” cookies will only send the session to the server over https, it clearly was not the case for my local dev server.

system · August 23, 2023, 4:17am

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.