It's the same with those lines removed.
The cookie is fine, it says
{"serverPassword":"qwerty","username":"mm"}
on both ends. It must be something after the authentication.
here's the next() function in redirectIfNoAuth, if that helps:
if (err && err === 'route') {
return done();
}
var layer = stack[idx++];
if (!layer) {
return done(err);
}
if (layer.method && layer.method !== method) {
return next(err);
}
if (err) {
layer.handle_error(err, req, res, next);
} else {
layer.handle_request(req, res, next);
}
}