The Default Authenticator supports the storage of the user object onto the request.

The user variable on the request is set on login() and removed on logout(). Its presence is used to determine whether a user is authenticated or not.

In addition, the Passport.js logIn and logout functions are supported. If they are available on the request, they will be invoked.

Finally, req.session is supported. If req.session is available, its save() method will be called to persist session state after login and after logout.


There is no additional configuration required.