Opening password protected site (Passport.js) with

Posted 2019-02-20 13:01

Question:

I am trying to access a passport protected page of my Express.js app with a Phantom.js script.

How can I simulate a logged in user without knowing the passport?

I am using Passport.js as an auth library with LocalStrategy and MongoStore to save the sessions in the mongo database. I am wondering if I can create a record in the sessions collection and set a generated cookie with Phantom.js (phantom.addCookie(...)) to simulate a specific logged in user without the password of the user?

Can I generate the content of the connect.sid cookie for a specific user in the backend and add it to phantom.js in order to simulate a logged in user?

Findings:

I figured out that Passport.js uses the Cookie-Signature node module to sign the cookie content and I assume Express.js uses the Connect cookie and session middleware to handle the cookie and session creation and insert them into the HTTP headers.
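An added example, not part of the original question or its answer: how a signed `connect.sid` value is built and checked, using the same HMAC-SHA256 construction as the cookie-signature module mentioned above. The secret, session ID, user ID and all function names here are constructed test values and assumptions; the comparison logic is this example's own, and the exact document layout the session store writes is not shown.

```javascript
const nodeCrypto = require('crypto');

// Same construction as cookie-signature: value + '.' + base64(HMAC-SHA256(value)), '=' padding stripped.
function sign(value, secret) {
  const mac = nodeCrypto.createHmac('sha256', secret).update(value).digest('base64');
  return value + '.' + mac.replace(/=+$/, '');
}

// Returns the original value when the signature matches, otherwise false.
// Recomputes the signature and compares in constant time (this example's own check).
function unsign(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx < 0) return false;
  const value = signed.slice(0, idx);
  const expected = Buffer.from(sign(value, secret));
  const actual = Buffer.from(signed);
  const ok = expected.length === actual.length && nodeCrypto.timingSafeEqual(expected, actual);
  return ok ? value : false;
}

// express-session prefixes a signed cookie value with "s:"; on the wire it is URL-encoded.
function buildSessionCookie(sessionId, secret) {
  return encodeURIComponent('s:' + sign(sessionId, secret));
}

// Server-side view: decode, require the "s:" prefix, verify the signature.
function readSessionCookie(cookieValue, secret) {
  let raw;
  try {
    raw = decodeURIComponent(cookieValue);
  } catch (e) {
    return false; // malformed percent-encoding
  }
  if (!raw.startsWith('s:')) return false;
  return unsign(raw.slice(2), secret);
}

// Session data for a logged-in user: Passport keeps the serialized user under passport.user.
// The cookie fields shown are assumptions for a test fixture.
function buildSessionData(serializedUser) {
  return { cookie: { path: '/', httpOnly: true, originalMaxAge: null }, passport: { user: serializedUser } };
}

// Constructed values for a test environment only.
const TEST_SECRET = 'test-only-session-secret';
const TEST_SID = 'test-session-id-0001';
const testCookie = buildSessionCookie(TEST_SID, TEST_SECRET);
console.log(testCookie, readSessionCookie(testCookie, TEST_SECRET));
```

A cookie only verifies when it was signed with the app's own session secret and its session ID exists in the store, so the secret and write access to the sessions collection are together equivalent to every user's credentials and should be handled that way.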

Answer 1:

Using JavaScript, you should be able to fill in your login fields and submit (simulating a user login, not trying to recreate a login cookie).

That would probably be your best bet.

For how to fill in forms, see: "How to fill in form field, and submit, using javascript?" and "Automatic form fill using javascript".