Calling authenticate() without a successRedirect

[edwin177]

This took me longer than I'd like to track down.

When calling authenticate() without setting a successRedirect, the following lines are not called, so the user has to do these steps manually:

// if the successRedirect is set, we redirect to it and set the user in the
// session sessionKey
session.set(options.sessionKey, user);
let cookie = await sessionStorage.commitSession(session);
throw server_runtime_1.redirect(options.successRedirect, {
    headers: { "Set-Cookie": cookie },
});

Maybe make this side effect more explicit in the docs? We're not just trading redirect vs getting the user, we're also losing out on setting the cookie.

Or, do more of these steps even when successRedirect is not provided?

My use case is that successRedirect depends on the logged in user, so I can't set it when calling authenticate().

[sergiodxa]

This probably needs to be better documented, I have the same use case btw, so yeah you get the user, but because you don't get a session object back I can't set the user data in the session I get inside the strategy because if you run sessionStorage.getSession you will get a different session object without what I set.

[sergiodxa]

I updated the documentation in the README to mention how to do this.

[edwin177]

Thanks, I like the example you used!

[ngbrown]

Would it also make sense for the authenticator.authenticate function to return the session so it doesn't have to be fetched twice? Especially when based on createSessionStorage or one of the other remote session storages.