80leaves 80leaves - 3 months ago 47x
Node.js Question

Redirecting to previous page after authentication in node.js using passport.js

I'm trying to establish a login mechanism using node.js, express and passport.js. The Login itself works quite nice, also sessions are stored nicely with redis but I do have some troubles with redirecting the user to where he started from before being prompted to authenticate.

e.g. User follows link

is then redirected to
but then I want him to be redirected again back to

The purpose of this is, if the user access randomly a page he needs to be logged in first, he shall be redirected to the /login site providing his credentials and then being redirected back to the site he previously tried to access.

Here is my login post

app.post('/login', function (req, res, next) {
passport.authenticate('local', function (err, user, info) {
if (err) {
return next(err)
} else if (!user) {
console.log('message: ' + info.message);
return res.redirect('/login')
} else {
req.logIn(user, function (err) {
if (err) {
return next(err);
return next(); // <-? Is this line right?
})(req, res, next);

and here my ensureAuthenticated Method

function ensureAuthenticated (req, res, next) {
if (req.isAuthenticated()) {
return next();

which hooks into the

app.get('/hidden', ensureAuthenticated, function(req, res){
res.render('hidden', { title: 'hidden page' });

The html output for the login site is quite simple

<form method="post" action="/login">

<div id="username">
<input type="text" value="bob" name="username">

<div id="password">
<input type="password" value="secret" name="password">

<div id="info"></div>
<div id="submit">
<input type="submit" value="submit">



I don't know about passport, but here's how I do it:

I have a middleware I use with app.get('/account', auth.restrict, routes.account) that sets redirectTo in the session...then I redirect to /login

auth.restrict = function(req, res, next){
    if (!req.session.userid) {
        req.session.redirectTo = '/account';
    } else {

Then in routes.login.post I do the following:

var redirectTo = req.session.redirectTo ? req.session.redirectTo : '/';
delete req.session.redirectTo;
// is authenticated ?