
Passport.js failing to serialize user

I am using passport.js for Google, Facebook and Twitter logins only.

Node.js v0.8.19 with express.js 3.1.0, and passportjs version 0.1.16 (passport-facebook - 0.1.5, twitter - 0.1.4, passport-google-oauth - 0.1.5).

Everything works fine for a while; after an hour or so of the app running, passport.js stops serializing the user into the req.user session.

Facebook and Google are receiving meaningful data from their respective APIs.

passport.use(new FacebookStrategy({
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: "http://localhost:3000/auth/facebook/callback"
  },
  function(accessToken, refreshToken, profile, done) {
      var temp = {} 
      temp.name = profile.displayName
      temp.id = profile.id
      console.log(temp)
      return done(null, temp);
}));

The console.log here will successfully print user id and name, however after calling

passport.serializeUser(function(user, done) {
  done(null, user);
});

passport.deserializeUser(function(obj, done) {
  done(null, obj);
});

Serialize and deserialize are taken from the passport-facebook example.

The user will not be attached to req.user.

Twitter never gets that far; after returning to the callback URL, Twitter gives the error:

Error: failed to find request token in session
[03/11 23:28:24 GMT]     at Strategy.OAuthStrategy.authenticate            

Note: these failures only happen after a period of time; they work properly for a while. That's why I think it may be a memory issue, like I'm saving the session in memory instead of a cookie.

This is my express app configuration

app.configure(function(){
  app.set('port', process.env.PORT || 8080);
  app.set('views', __dirname + '/views');
  app.set('view engine', 'jade');
  app.use(express.favicon());
  app.use(express.logger('dev'));
  app.use(express.cookieParser());
  app.use(express.bodyParser());
  app.use(express.methodOverride());
  app.use(express.cookieSession({ secret: 'tobo!', cookie: { maxAge: new Date(Date.now() + 3600000), }}));
  app.use(passport.initialize());
  app.use(passport.session());
  app.use(app.router);
  app.use(express.static(__dirname + '/public'));
});

I have looked at the mailing list etc, but I could not find something matching this problem. I have checked on my localhost and on a nodejitsu server. Everything works for a while then fails.

Eoin Murray asked Mar 11 '13 23:03
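Added example, not part of the original question and not code from Passport or Express: a small model of how the `maxAge` value in the `cookieSession` configuration above behaves over the life of the process. It assumes the session middleware treats a number as a lifetime in milliseconds relative to each response and a Date as an absolute expiry; `expiryFor`, `simulate`, and the boot time are hypothetical names and constructed values.

```javascript
// Model of cookie expiry handling (an assumption about the session middleware,
// not its source): a numeric maxAge is a lifetime in ms added to "now" on each
// response; a Date is used unchanged as the absolute expiry.
function expiryFor(maxAge, now) {
  return typeof maxAge === 'number' ? new Date(now + maxAge) : maxAge;
}

const HOUR = 3600000;
const MINUTE = 60000;

// For each request time (ms after boot), report whether a session cookie
// issued at that moment is still unexpired one minute later, i.e. whether
// the browser would send it back on the next request.
function simulate(makeMaxAge, requestOffsets) {
  const boot = Date.UTC(2013, 2, 11, 22, 0, 0); // constructed boot time
  const configured = makeMaxAge(boot);          // evaluated once, inside app.configure
  return requestOffsets.map(function (offset) {
    const now = boot + offset;
    const expires = expiryFor(configured, now);
    return expires.getTime() > now + MINUTE;
  });
}

// As written in the question: a Date computed once when the app starts.
function dateAtBoot(boot) {
  return new Date(boot + HOUR);
}

// Alternative: a plain number of milliseconds, re-applied on every response.
function relativeMs() {
  return HOUR;
}

// Constructed request times: 0, 30, 59.5 and 90 minutes after boot.
const offsets = [0, 30 * MINUTE, 59 * MINUTE + 30000, 90 * MINUTE];

console.log('Date at boot:', simulate(dateAtBoot, offsets));
console.log('ms lifetime :', simulate(relativeMs, offsets));
```

Under this model, every cookie issued after the first hour of uptime is already expired when it is set, so state written to the session before an OAuth redirect does not come back on the callback request.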


1 Answer

First you must understand what serialize and deserialize are meant for.

1) serializeUser takes a user object and stores any information you want in the session, when you return done(null, user), as per your first question.

2) deserializeUser takes the information stored in the session (sent by cookieSession in every request) and checks if the session is still valid for a user, and if(!err) done(null,user) is true, keeps the user in the session, whereas done(err,null) removes it from the session, redirecting you to whatever your app.get('/auth/:provider/callback') sends the user to after checking if the session is timed out or not. This should clarify things for your second question.

Marcel answered Nov 09 '22 06:11