"Passport was not initialized" when using Passport 0.3.0 and Socket.io 1.3.6

[patrickpilch]

I am unable to get this library to work properly. My authorization failure callback is always called from the library's index.js file at line 75

if(!session[auth.passport._key])
        return auth.fail(data, 'Passport was not initialized', true, accept);

Here is the code related to my setup

var session = require('express-session');
var sessionStore = new RedisStore( { client:redis } );
var RedisStore = require('connect-redis')(session);
// ...
app.use( session({
        store: sessionStore,
        secret: 'such secret wow',
        resave: false,
        saveUninitialized: true //TODO change to false
    })
);
// ...
app.use(passport.initialize());
app.use(passport.session());
var server = http.createServer(app);
var sockets = require('socket.io')(server);
sockets.use(PassportSocketIo.authorize({
    key: 'connect.sid',
    secret: 'such secret wow',
    store: sessionStore,
    success: onAuthorizeSuccess,
    fail: onAuthorizeFail
}));

[willshiao]

I get the same error. I'm using:

• connect-mongo-db 1.1.5 (for my sessionStore)
• express 4.13.1
• express-session 1.11.3
• passport 0.3.0
• socket.io 1.3.7

@patrickpilch Were you able to find a fix?

[jfromaniello]

Are you using the session middleware from express?

[willshiao]

@jfromaniello I am using express-session, if that's what you are asking.

[neilff]

I had the same issue, I ended up downgrading to the packages listed in package.json.

I then got a new error saying it was unable to find the provided session ID. That turned out to be an unrelated issue which occurred because I was pointing to //localhost instead of //127.0.0.1. See http://stackoverflow.com/questions/25456656/passport-socketio-has-issues-finding-session for the second issue if you run into that.

[patrickpilch]

@willshiao
I ended up not using this library in favor of this route: http://stackoverflow.com/a/25618636
My setup:

var session = require('express-session');
var sessionMiddleware = session({
    store: sessionStore,
    secret: 'such secret wow',
    resave: false,
    saveUninitialized: false
});

sockets.use(function(socket, next) {
    sessionMiddleware(socket.request, socket.request.res, next);
});

[deelan]

Any progress on this issue? It doesn't seem to happen consistently (that is, somehow not every time - but definitely frequently) and is preventing me from being able to use passport 0.3.x and passport.socketio 3.6.x. If there is no plan to address it, that would be useful to know.

Thanks!

[camj256]

yeah, i really need to get this figured out. I have a few apps this is happening on. going to be looking into it much deeper this week and i'll post back if I can figure it out.

[dpieri]

I am also having this problem. I added some debugging code to the library and at the point that this error is thrown session is: { cookie: { originalMaxAge: 8640000, expires: '2015-11-30T03:12:47.918Z', httpOnly: true, path: '/' } }

So session[auth.passport._key] is undefined, thus throwing this error.

Passport version: 0.3.2
Socket.io version: 1.3.7

[jfromaniello]

That turned out to be an unrelated issue which occurred because I was pointing to //localhost instead of //127.0.0.1.

That's not an unrelated issue but most of the time the reason of this specific issue. This module uses the passport session and in order to do that you need to verify that the browser is sending the cookies on the handshake. One of the reasons where the browser will not send the cookie is because you are using different domains, like localhost to authenticate and 127.0.0.1 for socketio.

[dpieri]

My problems were also related to cross-domain cookies. I resolved this problem by using the CORS workaround from the Readme. I see in the code that you have an error message telling people to do just that, but for whatever reason I never hit that.

[jackycute]

I encounter the same issue as @dpieri did.
And also tried his advise using the CORS workaround.
The error not occur anymore but users are not authorized too.

So I look down to the detail, I found that if you using CORS request here.
The session is undefined and will return auth.fail at same time.

I tried several times and found that the object named passport might not always in the session object.
And that cause Passport was not initialized error, you can consider user is not authorized in this case.

This might cause by some changes in the newer version of passport, I will go check it.

[nikhilsarvaiye]

this is old question, but the problem is your are missing passport.serializeUser and passport.deserializeUser

passport uses deserializeUser to update user in session object.

[charlieg-nuco]

I'm getting this error as ewll. I tried using 127.0.0.1 in my browser as well. The app seems to run on a server but not locally.

[wimgz]

sockets.use(function(socket, next) { sessionMiddleware(socket.request, socket.request.res, next); });

I used this too and replaced won't use this library