fix: use keepSessionInfo to maintain session

The passport.js changes in `0.6.0` have breaking changes related to protecting against "Session Fixation". - jaredhanson/passport#900 - https://medium.com/passportjs/fixing-session-fixation-b2b68619c51d The assumption for the fix in this commit is that our example project here only has the session storage as its storage mechanism, so we're not quite vulnerable to the same thing since the storage goes away when the local project is stopped.
Banno · Nov 22, 2022 · 984eddb · 984eddb
1 parent 35f60c7
commit 984eddb
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/server.js b/server.js
@@ -155,7 +155,10 @@ app.get('/auth/cb', (req, res, next) => {
     if (err || !user) {
       return res.redirect('/login.html');
     }
-    req.logIn(user, (err) => {
+    const options = {
+      keepSessionInfo: true
+    }
+    req.logIn(user, options, (err) => {
       if (err) {
         return next(err);
       }