Hey there! Let's tackle both of your problems step by step to get your authentication flow back on track.

1. Fixing the express-session Deprecation Warning #

The warning about the missing resave option pops up because newer versions of express-session require explicit values for both resave and saveUninitialized to avoid ambiguous behavior. Here's how to update your session configuration:

// In app.js, where you configure express-session
app.use(session({
  secret: 'your-strong-unique-secret-key', // Replace with your actual secret
  resave: false, // Disable resaving sessions that haven't changed
  saveUninitialized: false, // Don't save uninitialized sessions (better for privacy & storage)
  // Add any other existing config (like cookie settings) here
}));

Quick breakdown of these options:

• resave: false: Prevents unnecessary writes to your session store when the session data hasn't been modified.
• saveUninitialized: false: Skips saving sessions that are new but haven't been modified (this aligns with privacy best practices and reduces unused session entries).

2. Resolving the "Cannot read property 'indexOf' of undefined" Error #

This error almost always means you're calling indexOf() on a variable that's undefined or null. Let's look at the most likely causes in a Passport setup:

Check Passport Initialization Order #

Make sure your middleware runs in the correct sequence—this is a super common mistake! The order should be:

• Configure express-session first
• Initialize Passport and session support
• Then load your Passport configuration

Example correct order in app.js:

// 1. Configure express-session (as fixed above)
app.use(session({ ... }));

// 2. Initialize Passport middleware
app.use(passport.initialize());
app.use(passport.session());

// 3. Load your Passport strategy config
require('./config/passport')(passport);

If you load the Passport config before initializing passport.session(), Passport might not have access to the session data it needs, leading to undefined values that throw the indexOf error.

Audit Your Passport Strategy & Serialization/Deserialization #

Check your ./config/passport.js file for places where you might be accessing properties on an undefined object:

• In your authentication strategy (like LocalStrategy), make sure the user object returned from your database isn't null before accessing its properties.
• In serializeUser and deserializeUser, add guards to ensure the user/id exists before proceeding.

Example with safety checks:

// In passport.js
passport.serializeUser((user, done) => {
  if (!user) {
    return done(new Error("User object is undefined"), null);
  }
  done(null, user.id);
});

passport.deserializeUser((id, done) => {
  User.findById(id, (err, user) => {
    if (err) return done(err);
    if (!user) {
      return done(new Error("User not found in database"), null);
    }
    done(null, user);
  });
});

Check Route/Middleware Code #

If the error is happening in a route handler, look for any indexOf() calls on properties that might not exist (like req.user.someProperty). Add checks to ensure the value exists before using it:

// Example route guard
app.get('/protected', (req, res) => {
  // Ensure req.user exists and has the property you need
  if (req.user && req.user.role && req.user.role.indexOf('admin') !== -1) {
    res.send('Welcome admin!');
  } else {
    res.redirect('/login');
  }
});

Next Steps #

1. First fix the express-session config to eliminate the deprecation warning—this is a quick win.
2. Double-check the order of your middleware in app.js.
3. Add safety checks in your Passport config and route handlers to catch undefined values before they cause errors.

If you still run into issues, sharing the exact line number where the indexOf error occurs would help narrow things down further!

内容的提问来源于stack exchange，提问作者Divyesh Parmar