Passport allows sessions with the passport-local library with the following code, but I can’t figure a way to toggle session based on the request object.
Current code: router.post('/login', passport.authenticate('local', { session: true }), login)
Request contains the persist boolean in req.body
I figured that I can pass the request to my Strategy function with the following code:
passport.use(
new Strategy(
{ usernameField: 'email', passReqToCallback: true },
passportStrategy
)
)
export const passportStrategy = async (
req: Request,
email: string,
password: string,
done: Function
) => {
try {
const user = await UserModel.findOne({ email })
if (!user) {
return done(null, false, { message: 'Incorrect username.' })
}
const matches = await comparePassword(password, user.password!)
if (!matches) {
return done(null, false, { message: 'Incorrect password.' })
}
return done(null, user)
} catch (err) {
return done(err)
}
}
but that doesn’t affect the session code.
The reason I want to disable sessions is in case users are on a public computer, so perhaps there’s a way of deleting the session either immediately client side or in my route handler?