Currently I have a website that uses node.js, express.js as the backend API server and passport.js for authentication. When the user logs in with their credentials the server starts a session and keeps the user session in req.user or req.session.passport.user (please correct me if I stated this incorrectly).

Later, when you GET /loggedin it just does res.json(req.user) and gives you the user information. On the client we can simply GET /loggedin in every request to check the login status and user info.

This is working in a browser. But when I try to do the same thing on mobile it appears that the device cannot establish a session with the server, which means GET /loggedin returns 401 Unauthorized.

So I was wondering if I am doing something wrong?