
Passport.js, Express session cross-browser with same credentials

I've written code with Passport.js for authentication purposes. While a user is logged into Chrome, the same credentials are used to log into another browser, 'FF'.

As we all know, Passport.js stores all details in req.users and req.session.passport.users. If from one browser a user updates some details, how can we update the other browser's req object without a logout?

Similarly, if an admin updates user1's details while user1 is already logged in, how will that affect him?

Any clue?

As we all know, Passport.js stores all details in req.users and

Not necessarily. passport.js does not store user details in req.user; rather, your passport.js integration code loads the user details from some backend storage and then puts them in the request object on every request.

So it is up to you to update the user in the backend and to decide when to retrieve a new version (instead of just deserializing a jwt, for example) on every request as well.

Sample code from http://www.passportjs.org/docs/basic-digest/:

passport.use(new BasicStrategy(
  // Verify callback: runs for every request that carries Basic credentials
  function(username, password, done) {
    // The user is loaded fresh from the database on each request
    User.findOne({ username: username }, function (err, user) {
      if (err) { return done(err); }
      if (!user) { return done(null, false); }                          // unknown user
      if (!user.validPassword(password)) { return done(null, false); }  // wrong password
      return done(null, user);                                          // becomes req.user
    });
  }
));

This code is executed on every single request, which means that on every request to the server your user is loaded from your database.

Even if you're working with multiple sessions in multiple browsers, the result is the same. So it is up to you to handle when and how you want to update your user in your database.

Otherwise, if you don't load your user from an external data source but e.g. deserialize the whole user object from a jwt (which is not recommended unless you really understand what you're doing), then you need to think of a synchronisation strategy, e.g. check some updated flag in the db or some cache on deserialization.
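As an added example (not code from the question, the answer or Passport itself), here is a self-contained in-memory model of the two strategies the answer contrasts: keeping only the user id in the session and reloading the record from the backend on every request, versus carrying a copy of the whole user object in the session. The store, session and function names (db, sessions, serializeById, handleRequest, ...) and the user record are constructed for illustration.

```javascript
// Added example, not from the question or answer: a tiny in-memory model of how
// Passport rebuilds req.user from session.passport.user on every request. db,
// sessions, serialize*/deserialize*, handleRequest and the user record are all
// constructed stand-ins; real Passport uses (user, done) and (id, done) callbacks.
const db = new Map();        // stands in for the User collection behind User.findOne
const sessions = new Map();  // one entry per browser session (Chrome, Firefox, ...)

// Pattern A (recommended): keep only the id in the session, reload on every request.
function serializeById(user) { return user.id; }
function deserializeById(id) { const u = db.get(id); return u ? { ...u } : null; }

// Pattern B (warned against in the answer): keep the whole user in the session,
// e.g. embedded in a JWT, so each browser holds a copy that never refreshes.
function serializeSnapshot(user) { return { ...user }; }
function deserializeSnapshot(snapshot) { return snapshot; }

function login(sessionId, user, serialize) {
  sessions.set(sessionId, { passport: { user: serialize(user) } });
}

// What passport.session() does per request: rebuild req.user from the session.
function handleRequest(sessionId, deserialize) {
  const session = sessions.get(sessionId);
  const req = { session, user: null };
  if (session && session.passport) req.user = deserialize(session.passport.user);
  return req;
}

// A profile update, whether made by the user in another browser or by an admin.
function updateUser(id, changes) {
  db.set(id, { ...db.get(id), ...changes });
}

// Logs the same user in from two browsers, updates the backend record, then
// returns what each browser's next request sees in req.user.
function demo(serialize, deserialize) {
  db.clear(); sessions.clear();
  db.set(1, { id: 1, username: 'user1', displayName: 'Alice', role: 'user' }); // constructed
  login('chrome', db.get(1), serialize);
  login('firefox', db.get(1), serialize);
  updateUser(1, { displayName: 'Alice Smith', role: 'admin' });
  return {
    chrome: handleRequest('chrome', deserialize).user,
    firefox: handleRequest('firefox', deserialize).user,
  };
}

console.log('id in session:   ', demo(serializeById, deserializeById));
console.log('snapshot in sess:', demo(serializeSnapshot, deserializeSnapshot));
```

With the id-only session both browsers see the new name and role on their next request without logging out; with the snapshot session both keep showing the stale record until the session is recreated.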
