I'm sure that there will be an obvious answer, but I didn't find any solution either in the official documentation or anywhere on the internet.
With Passport.js we have to define two methods, one to serialize and one to deserialize the user session.
From the official documentation I read:
Only the user ID is serialized to the session, keeping the amount of data stored within the session small. When subsequent requests are received, this ID is used to find the user, which will be restored to req.user
Serialization is the process of translating data structures or object state into a format that can be stored
As you say, the only user data persisted in the session is the user id. If you wanted to cache the deserialisation of user ids to users then you'd have to maintain that yourself (presumably in memory, as you're concerned about the time to retrieve the data). The problem with this is that you then have to invalidate/update that cache on any operations which update the user (perhaps the user changes their email address or password) otherwise you risk having outdated data on
You implied you're working with a database (rather than an in-memory store like Redis) and are worried about the performance implications of fetching the user from the database on every request. It's impossible to be certain without knowing more about your particular setup, but I think your concerns are likely to be unfounded - a single call to fetch a user record based on an ID (which databases are well-optimised for - the primary key index on a SQL-based db for instance) shouldn't add any significant latency to a request.
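The trade-off discussed in the answer above, as an added example that is not part of the original question or answer: a per-request lookup next to a hand-maintained cache that serves outdated user data when a write skips invalidation. The `db` map, `findUserById`, `updateUser`, `demo` and the sample user are constructed for illustration; the callbacks use the `(…, done)` signatures that `passport.serializeUser` and `passport.deserializeUser` accept.

```javascript
// Constructed in-memory table standing in for the real user database.
const db = new Map();
const cache = new Map();   // the hand-maintained cache the answer describes
let dbReads = 0;

// Hypothetical data-access helper: one primary-key lookup.
function findUserById(id) {
  dbReads += 1;
  const row = db.get(id);
  return row ? { ...row } : null;
}

// Register with passport.serializeUser(serializeUser): only the id is stored.
function serializeUser(user, done) { done(null, user.id); }

// Register with passport.deserializeUser(...): fetch on every request.
function deserializeUser(id, done) { done(null, findUserById(id) || false); }

// Cached variant: saves reads, but is only correct if every write invalidates.
function cachedDeserializeUser(id, done) {
  if (!cache.has(id)) cache.set(id, findUserById(id));
  done(null, cache.get(id) || false);
}

// Hypothetical write path; `invalidate` models whether the cache is maintained.
function updateUser(id, changes, invalidate) {
  db.set(id, { ...db.get(id), ...changes });
  if (invalidate) cache.delete(id);
}

function demo() {
  db.clear(); cache.clear(); dbReads = 0;
  db.set(1, { id: 1, email: 'old@example.test' });   // constructed sample user
  let sessionId, user;
  serializeUser(db.get(1), (err, id) => { sessionId = id; });
  const load = (fn) => { fn(sessionId, (err, u) => { user = u; }); return user.email; };

  load(cachedDeserializeUser);                        // first request warms the cache
  updateUser(1, { email: 'new@example.test' }, false);
  const stale = load(cachedDeserializeUser);          // write did not invalidate
  const uncached = load(deserializeUser);             // per-request lookup is current
  updateUser(1, { email: 'new@example.test' }, true);
  const fresh = load(cachedDeserializeUser);          // invalidated, so re-read
  return { sessionId, stale, uncached, fresh, dbReads };
}
```

The same staleness applies to any field the application trusts from `req.user`, so every code path that writes a user has to call the invalidation.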