Passport – user is always authenticated after login once


This is my first project using passport and I’ve never dealt with authentication before.

Ive followed this one guide for my application:–passport-mssql

And most of my code for auth is the same as the guide

My problem is, after logging in, it is possible to access the profile page of the user authenticated on different browsers and PCs using the same IP, even though those never went through authentication. I’ve searched for the cause of my issue but couldn’t find a solution.

This is the code for session:

cookie: {
    maxAge: new Date( + (7 * 24 * 60 * 60 * 1000))
secret: 'secret',
resave: false,
name: "ucompany",
saveUninitialized: true

I would really appreciate any help, since I’ve never done that before and I’m kinda lost.