PassportJS - Is it possible to change req.user for another user?

Question

In my application, I have implemented the ability to change a users permissions, rank, etc. It works great, if I update my own permissions, I can see the changes instantly s

Answer 1

You can try to delete the session , or regenerated the sessionID. but this will force that user to re-login.

In case your sessions are stored in mongodb. then you can check collection by name app_sessions and it has a field by name userId.

in Express session there is a module called store. and it providea many API to find session by sessionID. but unfortunately no API to find session by userID.

So if you want to use the session store API then you can call store.all , which will give all session. But this is really cruel method. becasue I dont know how much data it may be holding.