From 1db59e721a078136392048b646c3b0b8c68166a5 Mon Sep 17 00:00:00 2001
From: Yuping Zuo <zypA13510@users.noreply.github.com>
Date: Fri, 18 May 2018 16:17:08 +0800
Subject: [PATCH] Fix premature redirect when used with express-session

---
 lib/middleware/authenticate.js | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/middleware/authenticate.js b/lib/middleware/authenticate.js
index ccc9b2ac..e53aec23 100644
--- a/lib/middleware/authenticate.js
+++ b/lib/middleware/authenticate.js
@@ -101,6 +101,15 @@ module.exports = function authenticate(passport, name, options, callback) {
     // accumulator for failures from each strategy in the chain
     var failures = [];
     
+    function redirect(url) {
+      if (req.session && req.session.save && typeof req.session.save == 'function') {
+        return req.session.save(function() {
+          return res.redirect(url);
+        });
+      }
+      return res.redirect(url);
+    }
+    
     function allFailed() {
       if (callback) {
         if (!multi) {
@@ -142,7 +151,7 @@ module.exports = function authenticate(passport, name, options, callback) {
         }
       }
       if (options.failureRedirect) {
-        return res.redirect(options.failureRedirect);
+        return redirect(options.failureRedirect);
       }
     
       // When failure handling is not delegated to the application, the default
@@ -255,10 +264,10 @@ module.exports = function authenticate(passport, name, options, callback) {
                 url = req.session.returnTo;
                 delete req.session.returnTo;
               }
-              return res.redirect(url);
+              return redirect(url);
             }
             if (options.successRedirect) {
-              return res.redirect(options.successRedirect);
+              return redirect(options.successRedirect);
             }
             next();
           }