== Why is this an issue?

include::../description.adoc[]

=== Noncompliant code example

For http://www.passportjs.org/[Passport.js]:

[source,javascript]
----
app.post('/login', 
  passport.authenticate('local', { failureRedirect: '/login' }),
  function(req, res) {
    // Sensitive - no session.regenerate after login
    res.redirect('/');
  });
----

=== Compliant solution

For http://www.passportjs.org/[Passport.js]:

[source,javascript]
----
app.post('/login', 
  passport.authenticate('local', { failureRedirect: '/login' }),
  function(req, res) {
    let prevSession = req.session;
    req.session.regenerate((err) => {  // Compliant
      Object.assign(req.session, prevSession);
      res.redirect('/');
    });
  });
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]