jaredhanson · joeyguerra · Oct 31, 2022 · Oct 31, 2022 · Feb 13, 2024 · Feb 13, 2024
diff --git a/lib/sessionmanager.js b/lib/sessionmanager.js
@@ -6,7 +6,18 @@ function SessionManager(options, serializeUser) {
     options = undefined;
   }
   options = options || {};
-
+  if(undefined == options.delegate){
+    console.warn('This manager utilizes a delegate with an API that contains regenerate and save');
+  }
+  this._delegate = options.delegate || {
+    regenerate: function(req, cb){
+      cb();
+    },
+    save: function(req, cb){
+      cb();
+    }
+  };
+
   this._key = options.key || 'passport';
   this._serializeUser = serializeUser;
 }
@@ -22,14 +33,13 @@ SessionManager.prototype.logIn = function(req, user, options, cb) {
 
   var self = this;
   var prevSession = req.session;
-  
+
   // regenerate the session, which is good practice to help
   // guard against forms of session fixation
-  req.session.regenerate(function(err) {
+  this._delegate.regenerate(req, function(err) {
     if (err) {
       return cb(err);
     }
-
     self._serializeUser(user, req, function(err, obj) {
       if (err) {
         return cb(err);
@@ -44,15 +54,15 @@ SessionManager.prototype.logIn = function(req, user, options, cb) {
       req.session[self._key].user = obj;
       // save the session before redirection to ensure page
       // load does not happen before session is saved
-      req.session.save(function(err) {
+      self._delegate.save(req, function(err) {
         if (err) {
           return cb(err);
         }
         cb();
       });
     });
   });
-}
+};
 
 SessionManager.prototype.logOut = function(req, options, cb) {
   if (typeof options == 'function') {
@@ -73,14 +83,14 @@ SessionManager.prototype.logOut = function(req, options, cb) {
   }
   var prevSession = req.session;
 
-  req.session.save(function(err) {
+  this._delegate.save(req, function(err) {
     if (err) {
-      return cb(err)
+      return cb(err);
     }
 
     // regenerate the session, which is good practice to help
     // guard against forms of session fixation
-    req.session.regenerate(function(err) {
+    self._delegate.regenerate(req, function(err) {
       if (err) {
         return cb(err);
       }
@@ -90,7 +100,7 @@ SessionManager.prototype.logOut = function(req, options, cb) {
       cb();
     });
   });
-}
+};
 
 
 module.exports = SessionManager;