If authentication succeeds, a session will be established and maintained via a cookie set in the user’s browser. However, if a user logs in and refreshes the page, the user data won’t persist across HTTP requests. We can fix this by serializing and deserializing users.

Serializing a user determines which data of the user object should be stored in the session, usually the user id. The serializeUser() function sets an id as the cookie in the user’s browser, and the deserializeUser() function uses the id to look up the user in the database and retrieve the user object with data.

When we serialize a user, Passport takes that user id and stores it internally on req.session.passport which is Passport’s internal mechanism to keep track of things.

passport.serializeUser((user, done) => { done(null, user.id); });

In the code example, we pass a user object and a callback function called done after successful authentication.

The first argument in the done() function is an error object. In this case, since there was no error we pass null as the argument. For the second argument, we pass in the value that we want to store in our Passport’s internal session, the user id. Once configured, the user id will then be stored in Passport’s internal session:

req.session.passport.user = {id: 'xyz'}

For any subsequent request, the user object can be retrieved from the session via the deserializeUser() function. We can implement the deserializeUser function as follows:

passport.deserializeUser((id, done) => { // Look up user id in database. db.users.findById(id, function (err, user) { if (err) return done(err); done(null, user); }); });

For the deserializeUser function, we pass the key that was used when we initially serialized a user (id). The id is used to look up the user in storage, and the fetched object is attached to the request object as req.user across our whole application.

This way we’re able to access the logged-in user’s data in req.user on every subsequent request!



Complete the serializeUser() function by making a call to the done() callback. NO error was found, and we can use the user’s ID property in order to serialize a user.

Type node app.js into the Terminal to start the node app.

Press the Check Work button to check your work for each checkpoint.


Add a callback arrow function with the correct arguments to the deserializeUser() function.


A function to look up users in the database using an id has been provided, db.users.findById(). Add it to the deserializeUser() function body.

Provide an id as the first argument, and an anonymous callback function with err and user as its arguments.


Within the function body of findById(), add an if statement that checks if an error is found.

In that if statement, return the done() callback with one argument showing that an error was found.


At this point, we have found NO errors and have successfully retrieved a user.

At the end of the function body, make a call to the done() callback with the correct arguments.

Take this course for free

Mini Info Outline Icon
By signing up for Codecademy, you agree to Codecademy's Terms of Service & Privacy Policy.

Or sign up using:

Already have an account?