Fix premature redirect when used with express-session

jaredhanson · May 18, 2018 · 1db59e7 · 1db59e7
1 parent 2327a36
commit 1db59e7
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/lib/middleware/authenticate.js b/lib/middleware/authenticate.js
@@ -101,6 +101,15 @@ module.exports = function authenticate(passport, name, options, callback) {
     // accumulator for failures from each strategy in the chain
     var failures = [];
 
+    function redirect(url) {
+      if (req.session && req.session.save && typeof req.session.save == 'function') {
+        return req.session.save(function() {
+          return res.redirect(url);
+        });
+      }
+      return res.redirect(url);
+    }
+
     function allFailed() {
       if (callback) {
         if (!multi) {
@@ -142,7 +151,7 @@ module.exports = function authenticate(passport, name, options, callback) {
         }
       }
       if (options.failureRedirect) {
-        return res.redirect(options.failureRedirect);
+        return redirect(options.failureRedirect);
       }
 
       // When failure handling is not delegated to the application, the default
@@ -255,10 +264,10 @@ module.exports = function authenticate(passport, name, options, callback) {
                 url = req.session.returnTo;
                 delete req.session.returnTo;
               }
-              return res.redirect(url);
+              return redirect(url);
             }
             if (options.successRedirect) {
-              return res.redirect(options.successRedirect);
+              return redirect(options.successRedirect);
             }
             next();
           }