userman.web.authenticate() assumes no session data if not logged in #11
Description
This function simply checks if req.session exists. This is not correct, as web applications may keep session data for non-authenticated visitors.
{{ message }}
This function simply checks if req.session exists. This is not correct, as web applications may keep session data for non-authenticated visitors.