-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Error: failed to deserialize user out of session" unwanted on production #6
Comments
Agreed. I'm leaning towards option 1 as the proper fix. |
strong +1 for one. |
+10086 for this issue... |
At least allowing the developer to handle the error would be key. +1 for at least exposing that. |
+1 on this. Is there a workaround for the issue right now? |
Hello guys, any idea when this will be fixed? |
Fixed! You can now invalidate an existing login session by setting user to
Most ORMs set the result to
This is fixed in passport@0.1.8, which has just been published to the npm registry. |
I'm having this exact same issue on version 0.1.12 with passport-facebook. |
Thank you! This should definitely find it's way into the documentation. |
I would note in the documentation that you have to return |
A world where null == false == undefined
null !== false !== undefined Inventing your own truth table where |
… that should prevent the user ending up with a stale session using passport, see jaredhanson/passport#6 for more information, haven;t tested this though
This working for me, put the next following commands in your terminal: |
Just a heads up for folks stumbling across this—it turns out |
I missed this nuance during the original porting -- returning false or null from a user deserializer means something special. It means the user not being found is not an error condition but just means the session has out-of-date data, and should be logged out. See jaredhanson/passport#6 for the original context on how this is a thing in passport. This recreates that functionality and tests it!
in deserializeUser prevent obscure issues like jaredhanson#6 (comment) jaredhanson#6 (comment)
created PR to fix undefined problem #975 |
It can cause subtle errors, because many query builders and ORMs return `undefined` if the entity (user) doesn't exist. See jaredhanson/passport#6 (comment) This PR is an alternative to jaredhanson/passport#6 (comment)
This is subjective but I believe a deserialization error from a bad session cookie/reset redis database/other regular production hiccup should not totally stonewall the unfortunate user with the problem. As things stand now, as soon as you get a deserialization error you're essentially blacklisted, and the error will be useless information to a typical user.
More desirable production behavior includes any of:
The text was updated successfully, but these errors were encountered: