Odtnhj

I recently added authentication to my website using bcrypt. When authenticating, bcrypt compares the passwords.

If passwords match req.session is set as a cookie and written to mongodb using connect-mongodb-session. But when redirecting to /events the app crashes and gives me an error: Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client

I'm using handlebars to render my html code

auth route:

Router.get('/', (req, res) => 
 res.status(200).render('login', pageTitle: 'Log In');
)

Router.post('/', (req, res) => 
 //Authenticate user
 const username = req.body.username;
 const pass = req.body.password;

 User.findOne(username: username).then((user) => 
 if (user) 
 //Validate password
 console.log(user);
 console.log(user.password);
 bcrypt.compare(pass, user.password).then((doMatch) => 
 console.log(doMatch);
 //Check if password match
 if (doMatch) 
 //To use session use express-session package
 req.session.isLoggedIn = true;
 req.session.user = user;
 req.session.save((err) => 
 console.log(err);
 res.redirect('/');
 );
 return res.redirect('/events');
 else 
 res.redirect('/');
 
 ).catch((err) => 
 console.log(err);
 );
 else 
 return res.redirect('/');
 
 ).catch((err) => 
 console.log(err);
 );

);

events route:

Router.get('/events', (req, res) => 
 if (req.session.isLoggedIn) 

 Event.find(, (err, events) => 
 res.render('events', 
 prods: events,
 pageTitle: 'Events',
 path: '/events',
 hasProducts: events.length > 0
 );
 ).catch((err) => 
 console.log(err);
 );

 else 
 console.log('User not authenticated');
 res.status(401).send('User not authenticated');


);

These lines are the culprit.

req.session.save((err) => 
 console.log(err);
 res.redirect('/');
 );
 return res.redirect('/events');

Here you pass a callback into save and immediately redirect res.redirect('/events').
After some time when callback redirect res.redirect('/'); throws an error.