'Node.js passport - keep login alive even changing to a different url
I have a working page secured with passport. It works fine. Opening the page the user credentials for login are asked and the navigation bar is adjusted for the user level. The user can navigate through the protected area and do stuff.
I am looking for a way to keep the login alive, even if the user changes to a another website and comes back to my page. There should be no new login necessary. The session should only be canceled, pressing the logout button or after a specific time period. I think that could be done with a secure cookie. How do I manage that?
passport.serializeUser((user, done) => done(null, user.id));
passport.deserializeUser(async function(id, done){
// local strategy
// ... checking user and do something
});
passport.use(
new LocalStrategy(async function(username, password, done){
let user;
// local strategy
// ... checking user and do something
}),
);
app.use(
expressSession({
secret: 'top secret',
resave: false,
saveUninitialized: false,
}),
);
app.use(passport.initialize());
app.use(passport.session(
{
secret: 'my secret',
cookie: { maxAge: 60000 }
}
));
app.post(
'/login',
passport.authenticate('local', { failureRedirect: '/login.html' }), async function (request, response){
// redirect to a specific route
},
);
app.get('/logout', (req, res) => {
req.logout();
res.redirect('/login.html');
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|