Typically the credentials used to authenticate are transmitted only during the login request. On a successful login, a session cookie is set in the user's browser to mark that browser's session as authenticated; subsequent requests from the browser carry that session cookie, and the server uses it to verify the authentication without seeing the credentials again.
Passport serializes and deserializes the authenticated user object returned from the authentication source, and you need to specify how that serialization takes place. The serializeUser() and deserializeUser() methods accept the serialization functions. The function passed to serializeUser() receives the user object and decides what is stored in the session; the function passed to deserializeUser() receives that stored value on each later request and rebuilds the user object from it. Both hand their result on by calling the done() method. The following example uses the serialization method to store only user.id in the session rather than the entire user object, and then uses a Mongoose call to findById() in the deserialization to look the user up by the ID from the session. (Mongoose 7 and later no longer accept a callback from findById(); with a current Mongoose you would chain .then() or .exec() instead of passing the callback shown here.)
  // Store only the user's id in the session, never the whole user document.
  passport.serializeUser(function(user, done) {
    done(null, user.id);
  });

  // On each request, look the user up again by the id kept in the session;
  // err or a missing user is passed straight through to Passport via done().
  passport.deserializeUser(function(id, done) {
    User.findById(id, function(err, user) {
      done(err, user);
    });
  });
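To make the serialize/deserialize contract concrete, here is an added example (not code from the book or from Passport) that runs the same round trip without Passport, Express or Mongoose. An in-memory Map stands in for the User collection, a plain object stands in for req.session, and findById() is a hypothetical stand-in with the same callback signature as the Mongoose call in the text. It also shows two things the snippet above leaves to Passport: why only the id belongs in the cookie-backed session (the password hash never leaves the store), and that answering done(null, false) when the stored id no longer resolves makes a stale or tampered session fall back to "not logged in" rather than fail with an error.

```javascript
// Added example: the serializeUser/deserializeUser round trip without Passport.
// Assumptions (not from the book): an in-memory Map stands in for the Mongoose
// User collection, a plain object stands in for req.session, and findById()
// mimics the callback-style Mongoose signature used in the text.

// Constructed sample data: one user record, including a field (passwordHash)
// that must never end up in the session.
const users = new Map();
function seedStore() {
  users.clear();
  users.set('64a1f0c2', {
    id: '64a1f0c2',
    username: 'alice',
    passwordHash: '$2b$12$constructed-example-hash',
    role: 'admin',
  });
}

// Hypothetical stand-in for User.findById(id, callback).
function findById(id, callback) {
  callback(null, users.get(String(id)) || null);
}

// Same contract as the function given to passport.serializeUser():
// choose the value that identifies the user and hand it to done().
function serializeUser(user, done) {
  done(null, user.id);
}

// Same contract as the function given to passport.deserializeUser():
// turn the stored value back into a user object. done(null, false) tells
// Passport the session is no longer valid (user deleted, or id tampered with),
// so the request proceeds unauthenticated instead of failing with an error.
function deserializeUser(id, done) {
  findById(id, function (err, user) {
    if (err) return done(err);
    if (!user) return done(null, false);
    done(null, user);
  });
}

// What Passport does at login: run serializeUser and keep the result in
// req.session.passport.user (the session itself is referenced by the cookie).
function logIn(user, session) {
  serializeUser(user, function (err, key) {
    if (err) throw err;
    session.passport = { user: key };
  });
  return session;
}

// What Passport does on every later request: run deserializeUser on the stored
// value to populate req.user. Returns null when the session has no user.
function currentUser(session) {
  const key = session.passport && session.passport.user;
  if (key === undefined) return null;
  let result = null;
  deserializeUser(key, function (err, user) {
    if (err) throw err;
    result = user;
  });
  return result;
}

// Walk through the lifecycle: login, a normal request, a tampered session id,
// and a request after the account has been deleted.
function demo() {
  seedStore();
  const session = {};
  logIn(users.get('64a1f0c2'), session);

  const out = {};
  out.sessionContents = JSON.stringify(session);  // only the id is stored
  out.restored = currentUser(session);            // full record from the store
  out.tampered = currentUser({ passport: { user: 'ffffffff' } }); // false
  users.delete('64a1f0c2');
  out.afterDelete = currentUser(session);         // false: stale session no longer logs in
  return out;
}

console.log(demo());
```

The session holds nothing but the id, so a leaked session store or cookie reveals no credentials, and every request re-reads the account from the store, so disabling or deleting an account takes effect on the next request rather than when the cookie expires.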