-
-
Notifications
You must be signed in to change notification settings - Fork 497
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parameters of session:false not work #152
Comments
I also realized that sessions are always in use, even when set to false in the strategy options. This is an issue, right ? |
Bit of a late answer but as reference for everyone else: The It needs to be added to the app.post('/login', passport.authenticate(['local'], {
session: true
/** other options **/
}), (req, res) => {
/** your handler */
}) |
Same here #155 session: false has to be in
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I tried this example code passport-local-example and applied parameters to local strategy.
However, it seems that session is still in use. I could get user's password from req.session.user.
Only username , password, callback are set in this lib.
I don't have experience in security. Is it correct that I could get user's password in req.user.password?
Will this be unsafe?
The text was updated successfully, but these errors were encountered: