passport.authenticate loses session on success

[mapocosm]

I have passport working very well with facebook and google as providers. I am testing login and logout cycles, and it seems the session is dropped from time to time. I'm using connect-dynamodb for the session store. In the auth callback as follows, the req.user object is always available:

app.get( '/auth/facebook/callback', 
    passport.authenticate( 'facebook', { failureRedirect: '/autherror' }), function(req, res) { 
        console.log( '/auth/facebook/callback, req.user = ' + JSON.stringify( req.user ) );
        res.redirect('/setup'); 
    } );

But then the /setup route, as below, will sometimes show req.user as undefined.

app.get('/setup', function(req, res)
{
    console.log( '/setup, req.user = ' + JSON.stringify( req.user ) );
});

Is this normal? Is the session supposed to drop after a login is successful?

[mapocosm]

More info ... the express session remains valid after the success redirect; it's the passport session that's empty after the redirect.

[mapocosm]

More info ... when the passport.session fails to exist after redirect, deserializeUser doesn't get called. In this scenario I can login using facebook and then logout - repeat 3 - 4 times and works great, then it fails.

[benheymink]

Is it the same race condition mention in this issue? #306

[matthiasprieth]

I had the same problems! I ended up using https://github.com/expressjs/cookie-session instead of https://github.com/expressjs/session. It worked out of the box. I did not have to change a single line of code except for the config.