troubleshooting Question

Ticket says, "Redirect from form is not validated..."

Avatar of Bruce Gust
Bruce GustFlag for United States of America asked on
3 Comments1 Solution95 ViewsLast Modified:
I'm working on a ticket whose title is, "Redirect from form is not validated."

Not sure what that means.

Here's what I know:
The app is using "express-session"
I'm storing the session data in "user-sessions"

try {
  let sessionObj = session({
    secret: process.env.SESSION_SECRET,
    store: new MongoStore({
      mongooseConnection: global.db,
      collection: 'user_sessions'
    cookie: {
      maxAge: (60 * 60) * 1000, // 1 hour - milliseconds
    rolling: true, // resets the cookie max age on each request
    resave: false,
    saveUninitialized: true

} catch (err) {
  console.log('Error: ', err);
  return false;
After successfully logging in, I can do a "console.log(req.session);" and see all of my session data.

Here's the file coming out of my "services..."

  async auth(email, password) {
    const isDev = (process.env.ENV == 'local' || process.env.ENV == 'dev');
    let match = {
      email: email,
      active: true

    try {
        let user = await this.loadUser(match);        
      // validate the password hash
      if (!isDev) {
        await this.checkPasswordHash(password, user.password);

      return this.success(user);
    } catch (err) {
      console.log('Error: ', err);
      return this.error(err);

And here's the login route:'/login/auth', async (req, res) => {
  if (typeof == 'undefined' || typeof req.body.password == 'undefined') {
    flash.add(req, 'Please enter a valid email address and password before trying again.', 'danger');
    return res.redirect('/login');

  let resp = await user.auth(, req.body.password);

  if (resp.error) {
    flash.add(req, 'The provided email address and password combination is invalid. Please try again. If you need further assistance, please call 855.581.9910.', 'danger');
    return res.redirect('/login');

  req.session.user =;
    await user.lastLogin();//Update lastLogin date
  let redirect = (req.body.redirect != '') ? req.body.redirect : '/';


This may all be golden and I just don't know it. But before I go asking around, I wanted to do my due diligence and make sure that I wasn't missing something.

Does this look OK? If something is jacked up, what's lacking and how can I fix it?
Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros