I have used passport, which adds req.user to the incoming request if a valid user is logged in to the application.
I was wondering if it is possible for a client to f
