Jhecht Jhecht - 4 months ago 41
Node.js Question

Getting error of "Can't serialize user", but the passport.serializeUser is never called

My struggle with adding passport to my application continues! I got it so that I no longer get the crazy huge errors that I saw before, but the app just kept outputting

. So after putting in as many
statements as I could find, I've narrowed it down to the fact that the application says it can't serialize the user object, but as far as I can tell the
function is never called.

GitHub link with all files (other than node modules)

Granted, I am not 100% on how passport works, and I'm super new to Node but have experience with other languages for years, so if I need to I can just do this by hand, but I'd much prefer using passport as it allows for me to eventually use Facebook and Google auth without having to remake the wheel, so to speak.


Here is the exact error:

Passport Strategy jhechtf (password)

user found

passwords are good

Passport Authenticate : jhechtf

Passport Authenticate Err: null

Passport Authenticate Info: { message: 'Logged In Successfully' }

AuthController Error: [Error: Failed to serialize user into session]

Now I've googled "Failed to serialize user into session passport.js" in almost every term imaginable but every time it always seems to be something with the
instead of
. The one thing that struck me was that my
calls from the
aren't seen at any point in time.


var passport = require('passport');

module.exports = {

_config: {
actions: false,
shortcuts: false,
rest: false

login: function (req, res) {

passport.authenticate('local', function (err, user, info) {
return res.status(403).send(info);

console.log("Passport Authenticate : ", user.username);
console.log("Passport Authenticate Err: ", err);
console.log("Passport Authenticate Info: ", info);
req.logIn(user, function (err) {
if (err) {
console.log("AuthController Error: " , err);
return res.status(401).send(err);
//Assume a correct login?

var red = req.session.redirectTo || '/';
//get the redirection value if it was set.
delete req.session.redirectTo;
//Now that we've got it, delete it.

})(req, res);

logout: function (req, res) {


var passport = require('passport'),
LocalStrategy = require('passport-local').Strategy,
bcrypt = require('bcrypt-nodejs');

passport.serializeUser(function (user, done) {
console.log("Serialize User (passport.js) ", user);
// if(user==false || user == undefined){
// done({error:'user is not a user object, but is false or undefined'});
// }
// done(null, user.user_id);

passport.deserializeUser(function (id, done) {
console.log("ID COMING IN AS: ", id);
user_id: id
}, function (err, user) {
return done(err, user);

passport.use(new LocalStrategy({
usernameField: 'username',
passwordField: 'user_password'
function (un, password, done) {
console.log("Passport Strategy ", un,password);

username: un
}, function (err, user) {
if (err) {
console.log("USER.FINDONE ERROR ", err);
return done(err,false,{message:'Can\'t find user'});
if (!user) {
return done(null, false, {
message: 'Incorrect Username <small>Are you sure you signed up?</small>'
console.log('user found');
if (bcrypt.compareSync(password, user.user_password)) {
console.log('passwords are good');
return done(null, user, {
message: 'Logged In Successfully'
} else {
return done(null, false, {
message: 'Invalid Password'


config/http.js (just in case)

passportInit: require('passport').initialize(),
passportSession: require('passport').session(),

order: [

SQL for the table

CREATE TABLE `users` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(32) NOT NULL,
`user_password` varchar(255) DEFAULT NULL,
`user_salt` varchar(100) NOT NULL,
`user_email` varchar(255) NOT NULL,
`user_first_name` varchar(100) DEFAULT NULL,
`user_last_name` varchar(255) DEFAULT NULL,
`user_display_name` varchar(255) DEFAULT NULL,
UNIQUE KEY `user_id` (`user_id`)

hanks for your time and patience.


The problem is that you have two sets of libraries for Passport authentication: the sails-auth package (which includes a few models, controllers, routes etc.) and the passport + passport-local packages (just the plain Passport libraries). It seems you're actually not using sails-auth at all, but nevertheless it hooks into your application and makes Passport configurations of its own. I guess that's why your passport.serializeUser() function is never "activated".

Remove sails-auth from your package.json file and from your node_modules/ directory to fix your setup.