I am encountering an issue with my Passport-using application that has a GraphQL endpoint and a /logout endpoint. Strangely, when I check request.isAuthenticated() inside the GraphQL endpoint, it returns true, but in the /logout endpoint, it returns false.
Upon further investigation with logging (request.session.id), I discovered that there are two sessions in use. The session within the GraphQL endpoint is persistent, maintaining the same ID even after server restarts, while the session in the /logout endpoint keeps changing.
It appears that the persistent session is cookie/DB-based and persists with client requests, while the /logout session is not cookie-based and resets along with the server. However, the question remains: why are there two distinct sessions?
Below is the relevant code snippet:
// Session setup
const store = new KnexSessionStore({ knex, tablename: 'sessions' });
app.use(
  session({
    cookie: { maxAge: 1000 * 60 * 60 * 24 * 5 },
    secret: `a secret`,
    store
  })
);

// Passport setup
passport.serializeUser((user, done) => done(null, user));
passport.deserializeUser((user, done) => done(null, user));
app.use(passport.initialize());
app.use(passport.session());

// GraphQL Setup
// NOTE: request.session.id from inside a function in schema = persistent session
const graphQLHandler = graphqlHTTP(request => ({ graphiql: true, schema }));
app.use('/graphql', graphQLHandler);

// Logout Setup
app.get('/logout', (request, response) => {
  // NOTE: request.session.id = non-persistent session
  response.send(`user has been logged out`); // someday do request.logout()
});
Despite calling the express session setup function (session) once, it seems like app.use(passport.session()) might be creating a separate session. While this line instructs Passport to utilize the session, it should not generate a parallel session.
If anyone can shed light on this situation or suggest where I could insert code to prompt an error whenever a new session is created (to identify the cause of the second session), it would be greatly appreciated.
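One way to get the signal asked for above, as an added example rather than code from the post: express-session calls its `genid` option each time it creates a session ID, so a `genid` that inspects the request's Cookie header reports which routes start fresh sessions and why. `makeGenid`, `whyNewSession`, `report` and the sample requests are hypothetical names and constructed data; the default cookie name `connect.sid` is assumed.

```javascript
// Added example, not the poster's code. Assumes express-session defaults:
// cookie name "connect.sid" and signed cookie values that begin with "s:".
const { randomUUID } = require('crypto');

const COOKIE_NAME = 'connect.sid';

// Return the raw value of one cookie from a Cookie header, or null if absent.
function readCookie(header, name) {
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Classify why this request is about to receive a brand-new session.
function whyNewSession(req) {
  const header = req.headers && req.headers.cookie;
  if (!header) return 'no-cookie-header'; // client sent no cookies at all
  const raw = readCookie(header, COOKIE_NAME);
  if (raw === null) return 'session-cookie-missing'; // other cookies, but not the session one
  let value;
  try { value = decodeURIComponent(raw); } catch (err) { return 'malformed-cookie'; }
  if (!value.startsWith('s:')) return 'unsigned-cookie';
  return 'cookie-rejected'; // bad signature, or id not found in the store
}

// Build the function to pass as session({ genid }). express-session calls genid
// whenever it creates a session ID (including req.session.regenerate()), so each
// call is one "new session" event. report is a hypothetical callback, e.g. console.warn.
function makeGenid(report) {
  return function genid(req) {
    report({ method: req.method, url: req.originalUrl || req.url, reason: whyNewSession(req) });
    return randomUUID();
  };
}

// Constructed sample requests (not captured traffic).
const SAMPLES = [
  { method: 'GET', url: '/logout', headers: {} },
  { method: 'GET', url: '/logout', headers: { cookie: 'theme=dark' } },
  { method: 'POST', url: '/graphql', headers: { cookie: 'theme=dark; connect.sid=s%3Aabc123.c2ln' } },
];

// Run every sample through a genid and collect what it reported.
function runSamples() {
  const events = [];
  const genid = makeGenid((e) => events.push(e));
  const ids = SAMPLES.map((req) => genid(req));
  return { events, ids };
}
```

Wire it in with `session({ genid: makeGenid(console.warn), secret, store })`; a /logout request that reports `no-cookie-header` means the client never sent the session cookie.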