1
votes

I'm using the latest versions of express-session, passport, connect-mongo and MongoDB Atlas to create sessions and save them on the server. The problem is that when I call app.use(passport.session()), a session is created even if the user is not logged in.

app.use(session({
    // key: "id",
    secret: process.env.SESSION_SECRET,
    cookie: {
        httpOnly: true,
        sameSite: true,
        // secure: process.env.IN_PROD,
        maxAge: 10800000, // three hours in milliseconds
    },
    store: new MongoStore({
        mongooseConnection: mongoose.connection,
        autoReconnect: true,
        collection: "admin.mySessions",
        serialize: serialize
    }),
    resave: false,
    saveUninitialized: false,
    name: 'Id'
}));

This causes that, when passport and the passport session are initialized, the cookie is saved with the session id and the session is saved in MongoDB. My question is how to save the session only for logged-in users.

1 Answers

0
votes

Hello mate, I am not aware of mongo-session, but from your explanation I understand that you are creating a token for users even if they don't log in. I suggest you create a new token each time a user hits the login API and expire the token once he logs out. By following this, a token is generated only for active users.
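
One way to apply the suggestion above with express-session, as an added example that is not part of the original question or answer: the session is first written at login, destroyed at logout, and a helper reports which keys were written to an anonymous session (with `saveUninitialized: false`, only a modified session is saved). `verifyUser` and the `userId` field are hypothetical; `regenerate`, `destroy` and `clearCookie` are the express-session and Express calls.

```javascript
// Added example: plain (req, res, next) handlers for an Express app that already
// mounts express-session with saveUninitialized: false, as in the question.
// Assumptions: verifyUser() and the session field `userId` are hypothetical.

// Returns the keys written to a session that has no logged-in user.
// express-session only skips saving a session that is new AND unmodified,
// so any key listed here is what makes the cookie and the store document
// appear before login.
function anonymousSessionKeys(req) {
  if (!req.session || req.session.userId) return [];
  return Object.keys(req.session).filter((key) => key !== 'cookie');
}

// Login: the first write to the session happens only after credentials verify.
function makeLogin(verifyUser) {
  return (req, res, next) => {
    const user = verifyUser(req.body.username, req.body.password);
    if (!user) return res.status(401).json({ error: 'invalid credentials' });
    // regenerate() issues a fresh session id, so an id seen before login
    // is never carried over into the authenticated session.
    req.session.regenerate((err) => {
      if (err) return next(err);
      req.session.userId = user.id;
      res.json({ ok: true });
    });
  };
}

// Logout: remove the server-side record and clear the browser cookie.
function logout(req, res, next) {
  req.session.destroy((err) => {
    if (err) return next(err);
    res.clearCookie('Id'); // cookie name from the question's `name: 'Id'`
    res.json({ ok: true });
  });
}
```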