📜 Description
Problem
When a user account is deleted from the database (either by an admin or via an account closure feature), their web browser still stores an active, signed session cookie. The next time their browser sends a request, Passport executes its extraction routine:
Because the lookup returns null, passing it downstream means any subsequent route middleware attempting to read properties (like req.user.username or req.user.role) instantly throws a fatal runtime exception: TypeError: Cannot read properties of null. This completely crashes the Node.js application instance.
Solution
Add an explicit database document verification gate inside the session decoding layer. If the document comes back empty, immediately pass a failure flag down the middleware loop to gracefully invalidate the stale cookie.
Please assign me under GSSoC 2026.
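One way to implement the gate described above, as an added example that is not part of the original issue or the project's code. The names `findUserById`, `makeDeserializer`, `requireUser` and `simulateRequest` are hypothetical, the user store is a constructed in-memory Map, and `simulateRequest` is a simplified stand-in for the session step so the block runs without Passport installed.

```javascript
// Constructed sample data: one account that will later be deleted.
const users = new Map([["u1", { id: "u1", username: "alice", role: "admin" }]]);

// Hypothetical lookup with a Node-style callback; a real app queries its database here.
function findUserById(id, cb) {
  cb(null, users.get(id) || null);
}

// Builds the callback to register as passport.deserializeUser(makeDeserializer(findUserById)).
function makeDeserializer(lookup) {
  return function deserialize(id, done) {
    lookup(id, (err, user) => {
      if (err) return done(err);            // genuine lookup failure: report it as an error
      if (!user) return done(null, false);  // account no longer exists: signal "no user"
      done(null, user);
    });
  };
}

// Route guard: later middleware never dereferences req.user without this check.
function requireUser(req, res, next) {
  if (!req.user) {
    res.statusCode = 401;
    return res.end("Session is no longer valid");
  }
  next();
}

// Simplified stand-in for the session step (an assumption, not Passport's code):
// a falsy user drops the stale id from the session and leaves req.user unset.
function simulateRequest(sessionUserId) {
  const req = { session: { passport: { user: sessionUserId } } };
  const res = { statusCode: 200, body: null, end(b) { this.body = b; } };
  let reachedRoute = false;
  makeDeserializer(findUserById)(sessionUserId, (err, user) => {
    if (err) { res.statusCode = 500; return res.end("error"); }
    if (!user) delete req.session.passport.user;
    else req.user = user;
    requireUser(req, res, () => { reachedRoute = true; res.end(req.user.username); });
  });
  return { status: res.statusCode, body: res.body, reachedRoute,
           sessionUser: req.session.passport.user };
}
```

Distinguishing `done(err)` from `done(null, false)` keeps a database outage from being treated as a deleted account, and the guard covers any route that reads `req.user` properties.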