Passport req.session.passport always gives undefined on other api calls

Question

Using passport session is showing undefined for other api calls. For the callback api it is is showing the value

Below is my code. In authenticationMiddleWare the req.session.passport is undefined. But the value is printing inside the /auth call. So inside the auth call i am setting the session and consoling it in post /api call. But that time the session is not shows user details. I am getting only the below result

cookie: {
    path: '/',
    _expires: 2022-05-13T04:53:57.715Z,
    originalMaxAge: 86400000,
    httpOnly: true,
    secure: true,
    ephimeral: true
  }

Below is my code. Please help me to solve the issue

const express = require("express");
const path = require("path");
const app = express();
const bodyParser = require('body-parser');
const loadRouter = require("./routes/index");
app.use(bodyParser.json());
const fs = require("fs");
var session = require("express-session");
 var passport = require("passport");
 var cookieParser = require("cookie-parser");
 var SamlStrategy = require("passport-saml").Strategy;

 app.use(
    session({
      secret: "$$$$",
      saveUninitialized: true,
      resave: true,
      cookie: {
        httpOnly: true,
        secure: true,
        ephimeral: true,
      },
    })
  );
   passport.serializeUser(function (user, done) {
    done(null, user);
  });
  passport.deserializeUser(function (user, done) {
    console.log(user)
    done(null, user);
  });
  app.use(passport.initialize());
  app.use(passport.session());

 app.use(function (req, res, next) {
  res.setHeader("Access-Control-Allow-Origin", "callback_url");
  res.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE");
  res.setHeader(
    "Access-Control-Allow-Headers",
    "X-Requested-With,content-type"
  );
  res.setHeader("Access-Control-Allow-Credentials", true);
  res.setHeader("X-Frame-Options", "deny");
  res.setHeader("Cache-Control", "private, no-cache, no-store");
  next();
});

app.use(bodyParser.json({ limit: "200mb" }));
app.use(cookieParser("$$$$"));
app.use(bodyParser.urlencoded({ extended: true }));

passport.use(
   new SamlStrategy(
     {
       callbackUrl:"callbackUrl",
       entryPoint: "entryPoint",
       issuer: 'issuer',
       cert: "cert",
       identifierFormat: 'identifierFormat',
       decryptionPvk: "decryptionPvk",
       protocol: "https://",
       privateCert: "privateCert"
  
     },
     function (profile, done) {
       var user_info = {
         name_id: profile.nameID,
         email: profile.EMAIL,
         manager: profile.Manager,
         employee_type: profile.EmployeeType,
       };
       return done(null, user_info);
     }
   )
 );



app.post(
  "/auth",
  passport.authenticate("saml", {
    failureRedirect: "/login",
    failureFlash: true,
  }),
  function (req, res) {
    req.session.user =req.session.passport.user ;
    res.redirect("/home");
  }
);

 paths_to_be_excluded = [
  "/login",
  "/",
];

var authenticationMiddleWare = function (req, res, next) {
  if (
    paths_to_be_excluded.indexOf(req.path) <= 0 ||
    typeof req.session.passport !== "undefined"
  ) {
       next();
    } else {
      res.redirect("/login");
    }
};

app.get("/login", function (req, res, next) {
    passport.authenticate("saml", {
      failureRedirect: "/",
      failureFlash: true,
    })(req, res, next);
  });
    

app.use(authenticationMiddleWare);


 app.post("/api", function(req,res,next){
  console.log(req.session)
}); 

app.use(function (req, res, next) {
  if (req.session.passport) {
    if (req.session.passport.user.sso_role) {
      res.cookie("user_id", req.session.passport.user.id, {
        maxAge: 90000,
        secure: true,
        httpOnly: true,
      });
    } else {
      res.cookie("user_id", "FORBIDDEN", {
        maxAge: 90000,
        secure: true,
        httpOnly: true,
      });
    }
  } else {
    res.cookie("user_id", "FORBIDDEN", {
      maxAge: 90000,
      secure: true,
      httpOnly: true,
    });
  }
  next();
});

    app.use(express.static(path.join(__dirname, "client/build")));
    app.get("/*", (req, res) => res.sendFile(path.join(__dirname, "/client/build/index.html")));


const PORT =  9001;
app.listen(PORT, () => {
    console.log(`App Running On Port ${PORT}`);
});

An api call from front end

let url = getURL() + "/api";
            fetch(url, {
                method: "POST",
                headers: {
                    "Content-Type": "application/json",
                },
                credentials: "same-origin",
                body: JSON.stringify({"id": id, "code": code}),
            })
            .then((response) => {
                if (response.ok) {
                    return response.json();
                } 
            })

Answer 1

Finally I resolved it. We need to use "cookie-session" instead of "express-session". So I just changed

var session = require("cookie-session");