Sessions do not always have regenerate() and save() cauing a fault

[Ylianst]

I am the author of MeshCentral and use cookie-session along with Password. A recent commit in Password is causing crashes because cookie-session does not have a regenerate() or save() method.

See this issue: expressjs/cookie-session#166

Could Passport revert to the old style of setting session values unless these methods exist? Thanks.

[jaredhanson]

Thanks for the report. My intent here is to make the session manager pluggable (it is already by setting passport._sm, but will add a public method in a future release). This would allow session management to be plugged in similarly to strategies, which would allow targeting different session implementations (such as cookie-session).

I'll look into implementing a cookie-session-based session manager. For now, I'd suggest pinning to the 0.5.x release of Passport.

[Ylianst]

Thanks. I am pinning to 0.5.x until then! Much appreciated.

[simllll]

We are also facing issues with the regenerate call happneing "automatically" during login and logout, would it be an option to add an option to disable this behaviour?

[soren121]

@simllll What jaredhanson proposed above would allow you to do that, by providing a SessionManager that does not call regenerate.

[zsepton]

Hi, I was wondering if there are any updates on this issue, we need to upgrade to 0.6.0 due to snyk finding, however we can't due to this issue

[MohammedADev]

Also currently facing this error.