jaredhanson/passport-local

session: false doesn't work

wzup opened this issue · 6 comments

wzup commented

Session: false is not working.
Your docs say it should be specified in options. But that's not true. It doesn't work that way.

passport.use(new LocalStrategy({
    usernameField: 'email',
    passwordField: 'passwd',
    session: false
  },
  function(username, password, done) {
    // ...
  }
));

Either change docs of modify the code.
Because it has to be like this, not in initial config

passport.authenticate('local', {session:false})

Any progress on this running into this same problem?

Same here

Running into this issue as well, can this get some attention?

The same problem here, it's causing 100s of unwanted sessions between backend APIs, please help! @jaredhanson

Same here. Looking in the source code I can't see anywhere where the session-option is actually used 🤔

function Strategy(options, verify) {
if (typeof options == 'function') {
verify = options;
options = {};
}
if (!verify) { throw new TypeError('LocalStrategy requires a verify callback'); }
this._usernameField = options.usernameField || 'username';
this._passwordField = options.passwordField || 'password';
passport.Strategy.call(this);
this.name = 'local';
this._verify = verify;
this._passReqToCallback = options.passReqToCallback;
}

Same here. Looking in the source code I can't see anywhere where the session-option is actually used 🤔

function Strategy(options, verify) {
if (typeof options == 'function') {
verify = options;
options = {};
}
if (!verify) { throw new TypeError('LocalStrategy requires a verify callback'); }
this._usernameField = options.usernameField || 'username';
this._passwordField = options.passwordField || 'password';
passport.Strategy.call(this);
this.name = 'local';
this._verify = verify;
this._passReqToCallback = options.passReqToCallback;
}

Looks like a documentation error.

session: false option only works in passport.authenticate('local', { session: false })