passport: passport.js throws login session error after upgrading from 0.4.1 to 0.6.0

error: Server Error: error: Error: Login sessions require session support. Did you forget to use express-session middleware? at SessionStrategy.authenticate (/home/khaja/Desktop/flow-web/node_modules/passport/lib/strategies/session.js:46:41) at attempt (/home/khaja/Desktop/flow-web/node_modules/passport/lib/middleware/authenticate.js:369:16) at authenticate (/home/khaja/Desktop/flow-web/node_modules/passport/lib/middleware/authenticate.js:370:7) at Layer.handle [as handle_request] (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/layer.js:95:5) at trim_prefix (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:317:13) at /home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:284:7 at Function.process_params (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:335:12) at next (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:275:10) at initialize (/home/khaja/Desktop/flow-web/node_modules/passport/lib/middleware/initialize.js:98:5) at Layer.handle [as handle_request] (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/layer.js:95:5) at trim_prefix (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:317:13) at /home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:284:7 at Function.process_params (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:335:12) at next (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:275:10) at /home/khaja/Desktop/flow-web/node_modules/sails/lib/hooks/http/get-configured-http-middleware-fns.js:85:20 at app._privateSessionMiddleware (/home/khaja/Desktop/flow-web/node_modules/sails/lib/hooks/session/index.js:467:20) at session (/home/khaja/Desktop/flow-web/node_modules/sails/lib/hooks/http/get-configured-http-middleware-fns.js:83:9) at Layer.handle [as handle_request] (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/layer.js:95:5) at trim_prefix (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:317:13) at /home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:284:7 at Function.process_params (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:335:12) at next (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:275:10) at cookieParser (/home/khaja/Desktop/flow-web/node_modules/cookie-parser/index.js:71:5) at Layer.handle [as handle_request] (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/layer.js:95:5) at trim_prefix (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:317:13) at /home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:284:7 at Function.process_params (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:335:12) at next (/home/khaja/Desktop/flow-web/node_modules/express/lib/router/index.js:275:10)

  • Operating System: ubuntu
  • Node version: v14.20.0
  • passport version: v0.6.0

About this issue

  • Original URL
  • State: open
  • Created 2 years ago
  • Reactions: 5
  • Comments: 16 (1 by maintainers)

Commits related to this issue

Most upvoted comments

Fyi I had this same problem after upgrading from 0.5.3 to 0.6.0. I found the solution as such:

this.passport.authenticate('saml', {
				failureRedirect: '/',
				failureFlash: true,
				session: false,
			}),

If you explicitly specify session:false in passport.authenticate then 0.6.0 behaves like 0.5.3 did & doesn’t throw the session error.

I didn’t have to do that in 0.5.3. I also noticed that I had to specify session:false everywhere I called passport.authenticate.

+5
robw00t on Jan 17, 2023

Hi,

I’ve also encountered this error when updationf from 0.5.2 to 0.6.0. I’m using passport-jwt 4.0.0.

+4
Facj on Dec 16, 2022

for older versions of passport 0.4.0 we dont need a callback for req.logout(); function but we need for 0.6.0

+2
ghost on Mar 28, 2023

I encountered this as well while running a sailsjs app. The problem is that sails is disabling session on requests for assets. So main “main” request would work but I got the error for all css and js assets. My solution was to add this to the session config so that we enable sessions for all requests:

isSessionDisabled: () => false,
+1
kivra-gusahl on Sep 4, 2023

@robw00t specifying session:false in passport.authenticate does not work for me. Did you install express-session?

+1
CharmiBhikadiya on Feb 16, 2023
Read more comments on GitHub
← passport: Passport.js does not work with cookieSession (Express.js)
passport: req.isAuthenticated occasionally fails - race condition? →