javascript - NodeJS Session Authentication -

i'm trying setup logged in session pages should login-restricted redirect login screen. unfortunately, app.get seems acting weird , not triggering cases.

for example, authentication function:

function authenticate(req,res) {     var pass = false;      if (req.session.loggedin) pass = true;     console.log(pass);     if (pass) {         next();     } else {         res.redirect("/html/login.html");     } } 

and server.js:

app.use(express.static(__dirname)); app.use(express.json()); app.use(express.urlencoded()); app.use(express.cookieparser()); app.use(express.session({secret: 'secretkey'})); //not real key  //gets app.get("/oneplayer",authenticate);  app.get("/",authenticate);  app.get("/logout",function(req,res) {     req.session.destroy();     res.redirect("/"); }); 

the / gets authenticated, can see in terminal, /oneplayer not trigger @ all, , can page without logging in.

notes: /oneplayer directory. main page oneplayer/index.html (tried full path well, no trigger). have made sure session destroyed logging out , destroying session.

why function not being called /oneplayer? can't figure out.

the problem here oneplayer directory , in code, give priority first files exist, , then app.get calls.

change code this:

app.use(express.json()); app.use(express.urlencoded()); app.use(express.cookieparser()); app.use(express.session({secret: 'secretkey'})); //not real key   app.get("/oneplayer",authenticate); app.use(express.static(__dirname)); // moved after app.get has lower priority  app.get("/",authenticate);  app.get("/logout",function(req,res) {     req.session.destroy();     res.redirect("/"); });