I am using passport-facebook and express-session for storing sessions of users on the server side. The session is getting stored in mongo,and cookie is also getting set in browser,but req.isAuthenticated() is returning false,and req.user() is undefined.

passport.deserializeUser is also working fine.

Any idea on why this might be happening?

For me,it was a CORS issue.Though the cookie was properly set in browser by passport,but it was not getting sent back by the subsequent axios requests.So both req.isAuthenticated() and req.user() were not working.

To make it work,I had to set the following in client side:

axios.defaults.withCredentials = true;

and following in server side(NodeJS + express):

  app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "http://localhost:3000");
  res.header("Access-Control-Allow-Credentials",true);
  next();
});