Open imseppl opened 2 years ago
To confirm: it does work on other browsers? Is there any information about changes specific to Chrome on Android that would cause this issue?
Good questions. When upgrading to Chrome version from 96 to 97, on both Android and Windows desktop the req.user is undefined. The issue is not appearing on Firefox version 95. Same issue occurs with passport-google-oauth20. The issue is caused by the Chrome version 97, but maybe the node module such as winston are involved.
My Nodejs version v14.18.2
My Node modules "dependencies": { "body-parser": "^1.19.1", "chai": "^3.5.0", "cookie-session": "^2.0.0", "email-validator": "^2.0.4", "express": "^4.17.2", "express-handlebars": "^3.1.0", "express-limiter": "^1.6.1", "express-session": "^1.17.2", "express-socket.io-session": "^1.3.5", "geo-tz": "^4.0.2", "gulp": "^4.0.2", "gulp-autoprefixer": "^2.3.1", "gulp-minify-css": "^1.2.1", "gulp-sass": "^4.1.1", "helmet": "^3.23.3", "http-request": "^0.7.0", "http.min": "^1.3.2", "jquery": "^3.6.0", "jquery-easy-loading": "^1.3.0", "jsonwebtoken": "^8.5.1", "mocha": "^5.2.0", "moment-timezone": "^0.5.34", "mongoose": "^4.13.21", "multer": "^1.4.4", "node-restful": "^0.2.1", "nodemailer": "^4.7.0", "normalize.css": "^3.0.3", "passport": "^0.4.1", "passport-facebook": "^2.1.1", "passport-google-oauth": "^1.0.0", "passport-google-oauth20": "^2.0.0", "passport-google-oidc": "^0.1.0", "passport-local": "^1.0.0", "passport-twitter": "^1.0.4", "paypal-rest-sdk": "^1.8.1", "redis": "^2.8.0", "rookout": "^0.1.130", "sharp": "^0.26.3", "socket.io": "^2.4.1", "stripe": "^6.36.0", "svg-captcha": "^1.4.0", "tropo-webapi": "^15.13.0", "tz-lookup": "^6.1.25", "user-management": "^1.0.6", "validator": "^10.11.0", "winston": "^3.3.3" }
What happens when you try it on Chrome version 97? Do you get the same issue?
Have you taken any steps to pinpoint the issue to passport (or a strategy) in particular? Is it possible that the root cause is in another subsystem, such as session handling?
I did try a work around with sessions, but gave up because I prefer to use req.user. It difficult to diagnose because of the google redirects. I could look at the change log for Chrome and what has changed in 97 version
I have tried various web browsers on Android and found the latest version of Chrome 97.0.4692.70 results in req.user being undefined. This breaks all log in functionality with this web browser version.
req.user is called in the home page after res.redirect('/');