sails.js - Is there a reason why the local strategy for sails-generate-auth does not set req.session.authenticated to true -

sails.js - Is there a reason why the local strategy for sails-generate-auth does not set req.session.authenticated to true -

when login using local strategy subsequent requests having sessionauth policy on them fail because req.session.authenticated undefined. i've excerpted portion of login function api/services/protocols/local.js. i've inserted comment code believe missing.

passport.validatepassword(password, function (err, res) { if (err) { homecoming next(err); } if (!res) { req.flash('error', 'error.passport.password.wrong'); homecoming next(null, false); } else { ///// shouldn't authenticated set true here? ///// req.session.authenticated = true; homecoming next(null, user); } });

as suggested alberto souza local strategy works if alter sessionauth.js from:

module.exports = function(req, res, next) { if (req.session.authenticated) { homecoming next(); } homecoming res.forbidden('you not permitted perform action.'); };

to:

module.exports = function(req, res, next) { if (req.isauthenticated()) { homecoming next(); } homecoming res.forbidden('you not permitted perform action.'); };

so reply question seems sessionauth.js part of default sails app generation , not created when run sails generate auth , hence alter need create manually documentation neglects tell about.

sails.js