Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Problem using with passport 0.6.0: session.regenerate is not a function
See original GitHub issueI’ve been using cookie-session in conjunction with passport successfully. But passport-0.6.0 now calls session.regenerate(), which is part of the API for express-session, but not for cookie-session.
I’m not sure exactly how all this works together, but should regenerate() be added to cookie-session or should passport be checking for existence before attempting to use it?
Issue Analytics
- State:
- Created a year ago
- Reactions:6
- Comments:7 (5 by maintainers)
Top Results From Across the Web
req.session.regenerate is not a function since upgrade to 0.6.0
We have been using passport for some time within our application and have had no issues but once upgraded from 0.5.2 to 0.6.0...
Read more >req.session.regenerate is not a function using Passport - Stack ...
session.regenerate() function internally (source code link), cookie-session has not regenerate method and therefor passport throws the error.
Read more >TypeError: req.session.regenerate is not a function using ...
I think this error happens because the passport use req. session. regenerate() function internally (source code link), cookie-session has not regenerate method ...
Read more >Fixing Session Fixation - Passport.js - Medium
Version 0.6.0 of passport has been released, which improves robustness against classes of session fixation attacks.
Read more >req.session.regenerate is not a function - rkusa/koa-passport
It seems to be because of this https://github.com/jaredhanson/passport/issues/907, probably a good idea to downgrade the passport version for now.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Cool. I don’t want to close this for now as just want to see what is decided around. I forgot to mention as well that adding, even a dummy method, would end up as semver major, as it would now prevent the usage of the key
regeneratein the user-set data. And it’s a hard thing to work around with a client side store model like this, because you cannot just update the key in your db; the clients have the data blob 😦Ok, so I’m going to close this issue has it has been sitting here for a few months. I looked over the linked Passport.js issue and it seems the question was answered in https://github.com/jaredhanson/passport/issues/904#issuecomment-1135119308
The author of Passport.js seems pretty clear that
cookie-sessionwas never a supported session to use, which makes sense why no issue was ever noticed in the Passport.js change before it was released. The author outlined their thoughts there about how to addcookie-sessionas a supported session system to Passport.js as well. I’m not sure if they have made any progress towards it, but if not, I’m sure they would be willing to accept someone who did contribute such a change to Passport.js.