passport: req.session.regenerate is not a function since upgrade to 0.6.0
We have been using passport for some time within our application and have had no issues but once upgraded from 0.5.2 to 0.6.0 we are suddenly seeing an error when submitting authentication.
C:\stash\NTTSites\sites\fw-standards\node_modules\passport\lib\sessionmanager.js:28
req.session.regenerate(function(err) {
^
TypeError: req.session.regenerate is not a function
at SessionManager.logIn (C:\stash\NTTSites\sites\fw-standards\node_modules\passport\lib\sessionmanager.js:28:15)
at IncomingMessage.req.login.req.logIn (C:\stash\NTTSites\sites\fw-standards\node_modules\passport\lib\http\request.js:39:26)
at Strategy.strategy.success (C:\stash\NTTSites\sites\fw-standards\node_modules\passport\lib\middleware\authenticate.js:256:13)
at verified (C:\stash\NTTSites\sites\fw-standards\node_modules\passport-local\lib\strategy.js:83:10)
at Strategy.runAuth [as _verify] (C:\stash\NTTSites\sites\fw-standards\utils\passport-authentication.js:60:10)
Our passport-authentication.js just initialises passport within expressJS and sets some local strategies.
I have rolled back to 0.5.3 and our application works fine again.
Environment
- Operating System: Windows 10
- Node version: 16.13.2
- passport version: 0.6.0
About this issue
- State: open
- Created 2 years ago
- Reactions: 33
- Comments: 24 (2 by maintainers)
Commits related to this issue
- chore: install @hapi/iron connect-mongo express-session react-query; passport downgraded due to 0.6.0 issue https://github.com/jaredhanson/passport/issues/907 — committed to MINJE-98/login-template by MINJE-98 2 years ago
- OSCI-4218: downgrade auth package Upstream link: https://github.com/jaredhanson/passport/issues/907 Signed-off-by: Andrei Stepanov <astepano@redhat.com> — committed to fedora-ci/ciboard-server by Andrei-Stepanov 2 years ago
- Add call back function to support passportjs package. /* Addressing issue with latest version of passport dependency package TypeError: req.session.regenerate is n... — committed to DFE-Digital/login.dfe.services by malikimran34 8 months ago
Can’t believe this still isn’t fixed?
Thanks for the report. This is a duplicate of #904. I’d recommend pinning to 0.5.x, until I’ve had a chance to release an update with the new features described on the initial issue.
@tonmoydeb404 but they serve different purposes, it’s not a solution.
Passport 0.5.0 has a significant vulnerability, and when we update to 0.6.0, we see the error “TypeError: req.session.regenerate is not a function.” Does that mean that anything relating to the session create issue needs to be manually edited?
I encountered a similar problem with version 0.6 of Passport. To resolve it, I downgraded to version 0.5.0
@recursiveway - I actually ended up writing a middleware function that I pull into our express server. The middleware function is just a stub similar to the one above:
I ended up resolving this issue for our upgrade to passport 0.6.0 by stubbing the `regenerate` and `save` methods. I patched the dependency in our repository in the `lib/sessionmanager.js` file as such:
And then propagating those changes to the various calls to `save` and `regenerate` in the file.
Well I’ve changed my package.json passport to
"passport": "github:joeyguerra/passport#missing-regenerate-on-req",
The PR for the fix is here, which is how I found it: https://github.com/jaredhanson/passport/pull/947
Any update for March 2023? I see that @VottonDev has a fix in their separate repo…
What are you using for session middleware?
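The stubbing approach described in the comments above, written out as an added example; it is not code from the thread, from passport, or from any commenter's repository. It assumes a session middleware that exposes `req.session` as a plain object without `regenerate` or `save`; the names `sessionShim` and `simulateLogin` are hypothetical. Instead of an empty stub, `regenerate` here clears the pre-login keys, so that login does not carry over state set before authentication.

```javascript
// Added example (not from the thread or from passport): Express-style
// middleware supplying the methods passport 0.6.0 calls on req.session.
// Assumption: req.session is a plain mutable object with no server-side store.
function sessionShim(req, res, next) {
  const session = req.session;
  if (!session) return next(); // no session middleware mounted, nothing to patch

  if (typeof session.regenerate !== 'function') {
    // Non-enumerable, so the helper is never serialized into the session data.
    Object.defineProperty(session, 'regenerate', {
      configurable: true,
      value(cb) {
        // No server-side id exists to rotate, so drop every key set before
        // login rather than silently carrying pre-authentication state over.
        for (const key of Object.keys(session)) delete session[key];
        cb(null);
      },
    });
  }
  if (typeof session.save !== 'function') {
    Object.defineProperty(session, 'save', {
      configurable: true,
      // Assumed: the session middleware persists the object on response.
      value(cb) { cb(null); },
    });
  }
  next();
}

// Constructed stand-in for the regenerate -> store user -> save sequence that
// fails in the stack trace; the 'passport'/'user' key names are illustrative.
function simulateLogin(req, user, done) {
  req.session.regenerate((err) => {
    if (err) return done(err);
    req.session.passport = { user };
    req.session.save((saveErr) => done(saveErr || null, req.session));
  });
}
```

Mount the shim after the session middleware and before passport's own middleware, so the methods exist by the time `req.logIn` runs.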