From 984eddb36d8d1fb6ac4e69c12ffd2ac32d229644 Mon Sep 17 00:00:00 2001
From: Jaime Lopez <31429468+DevWithTheHair@users.noreply.github.com>
Date: Tue, 22 Nov 2022 12:31:10 -0800
Subject: [PATCH] fix: use `keepSessionInfo` to maintain session

The passport.js changes in `0.6.0` have breaking changes related to protecting against "Session Fixation".

- https://github.com/jaredhanson/passport/pull/900
- https://medium.com/passportjs/fixing-session-fixation-b2b68619c51d

The assumption for the fix in this commit is that our example project here only has the session storage as its storage mechanism, so we're not quite vulnerable to the same thing since the storage goes away when the local project is stopped.
---
 server.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/server.js b/server.js
index 99e0b9d..ab3b357 100644
--- a/server.js
+++ b/server.js
@@ -155,7 +155,10 @@ app.get('/auth/cb', (req, res, next) => {
 if (err || !user) {
 return res.redirect('/login.html');
 }
- req.logIn(user, (err) => {
+ const options = {
+ keepSessionInfo: true
+ }
+ req.logIn(user, options, (err) => {
 if (err) {
 return next(err);
 }
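Review bot: `keepSessionInfo: true` carries the whole pre-login session into the regenerated one, and the commit description's justification (the store is in-memory and disappears when the project stops) does not address session fixation, which is about an attacker knowing the victim's session ID before login, not about persistence across restarts. As far as I can tell from passport 0.6's implementation the session ID is still regenerated with this option, so the defence is not disabled, but every key an unauthenticated client could have had stored in the session (not only the strategy state that presumably motivates this) is now trusted in the authenticated session, and the code should say so, e.g. `// Passport >=0.6 regenerates the session on login (session-fixation defence); keepSessionInfo copies the pre-login session data (e.g. strategy state) into the new session, so anything set before login is trusted here.` The `const options = { ... }` declaration also lacks the semicolon the surrounding lines use and can be folded into the call: `req.logIn(user, { keepSessionInfo: true }, (err) => {`. The enclosing `/auth/cb` handler and the `logIn` callback continue outside the hunk.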