Passport v0.6.0 (latest) incompatibility with cookie-session #2

Open
jtouris opened this issue Oct 27, 2022 · 1 comment
jtouris commented Oct 27, 2022

Issue Overview

Hi, I would like to know what suggestions/workarounds you recommend for the current problem related to the incompatibility of passport v0.6.0 with cookie-session v2.0.0. The application throws the error TypeError: req.session.regenerate is not a function, so this is currently a big limitation.
The workaround provided on passport's repo is to downgrade to 0.5.x, but this approach is vulnerable to CVE-2022-25896.

Describe your environment

  • Editor: VSCode
  • Browser: Google Chrome
  • Running on: MacBook Pro 2.6 GHz 6-Core Intel Core i7

Steps to Reproduce

  1. Install npm dependencies: npm install
  2. Configure the database connection
  3. Run the project and try to log in

Expected Behavior

  • User is able to Log in with proper credentials
  • User gets error message of invalid credentials (if user is not yet created or has invalid credentials)

Current Behavior

The app crashes with: TypeError: req.session.regenerate is not a function

Possible Solution

Downgrade the passport version to 0.5.x, but this approach is vulnerable to CVE-2022-25896.

@joeyguerra

I just ran into this issue. I did the following as a workaround. NOTE: this has not gone through extensive testing.

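// Stubs for the session methods Passport calls; each only logs and invokes the callback.
const regenerate = callback => {
	console.log('regenerating')
	callback()
}
const save = callback => {
	console.log('saving')
	callback()
}
// Attach the stubs to the session on every request.
app.use((req, res, next)=>{
	req.session.regenerate = regenerate
	req.session.save = save
	next()
})
// Must be registered after the stubs above.
app.use(passport.session())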
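
Added example, not part of the thread above and not code from Passport or cookie-session: a variant of the shim that skips requests without a session, leaves existing `regenerate`/`save` methods alone, and makes `regenerate` clear the stored session data instead of doing nothing, so pre-login contents are not carried across login. The name `sessionCompat` is hypothetical, and the no-op `save` assumes the cookie-backed store writes the session when the response is sent.

```javascript
// Added example: compatibility middleware for session objects that lack
// regenerate()/save(), as reported in this issue for cookie-session.
// `sessionCompat` is a hypothetical name, not a Passport or cookie-session API.
// Register it after the cookie-session middleware and before passport.session().

function sessionCompat(req, res, next) {
  const session = req.session

  // The session may be absent (for example after it was set to null).
  if (!session) return next()

  if (typeof session.regenerate !== 'function') {
    // Defined as non-enumerable so the shim is never treated as session data.
    Object.defineProperty(session, 'regenerate', {
      configurable: true,
      value: function regenerate(callback) {
        // Drop every stored key so data from before login does not survive.
        for (const key of Object.keys(session)) delete session[key]
        callback()
      }
    })
  }

  if (typeof session.save !== 'function') {
    Object.defineProperty(session, 'save', {
      configurable: true,
      value: function save(callback) {
        // Assumption: the cookie is written with the response, so there is
        // nothing to persist here.
        callback()
      }
    })
  }

  next()
}
```

Clearing keys in place is a stand-in for regeneration, not the same operation as a server-side store issuing a new session ID; test the login and logout flows before relying on it.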
