diff --git a/install/package.json b/install/package.json
index e9debbe6bd..c7248c007b 100644
--- a/install/package.json
+++ b/install/package.json
@@ -104,7 +104,7 @@
         "nodebb-widget-essentials": "6.0.0",
         "nodemailer": "6.7.7",
         "nprogress": "0.2.0",
-        "passport": "0.5.2",
+        "passport": "0.6.0",
         "passport-http-bearer": "1.0.1",
         "passport-local": "1.0.0",
         "pg": "8.7.3",
diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index b97b0ca8c2..7b8af8e885 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -351,7 +351,7 @@ authenticationController.doLogin = async function (req, uid) {
 		}
 	}
 
-	await loginAsync({ uid: uid });
+	await loginAsync({ uid: uid }, { keepSessionInfo: true });
 	await authenticationController.onSuccessfulLogin(req, uid);
 };
 
@@ -459,6 +459,7 @@ authenticationController.localLogin = async function (req, username, password, n
 };
 
 const destroyAsync = util.promisify((req, callback) => req.session.destroy(callback));
+const logoutAsync = util.promisify((req, callback) => req.logout(callback));
 
 authenticationController.logout = async function (req, res, next) {
 	if (!req.loggedIn || !req.sessionID) {
@@ -470,7 +471,7 @@ authenticationController.logout = async function (req, res, next) {
 
 	try {
 		await user.auth.revokeSession(sessionID, uid);
-		req.logout();
+		await logoutAsync();
 
 		await destroyAsync(req);
 		res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get());
diff --git a/src/middleware/header.js b/src/middleware/header.js
index f5722508b0..1086318d57 100644
--- a/src/middleware/header.js
+++ b/src/middleware/header.js
@@ -41,8 +41,10 @@ middleware.buildHeader = helpers.try(async (req, res, next) => {
 	]);
 
 	if (!canLoginIfBanned && req.loggedIn) {
-		req.logout();
-		return res.redirect('/');
+		req.logout(() => {
+			res.redirect('/');
+		});
+		return;
 	}
 
 	res.locals.config = config;
diff --git a/src/middleware/user.js b/src/middleware/user.js
index 827e1e204a..db3a97ef08 100644
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@@ -35,7 +35,7 @@ module.exports = function (middleware) {
 	async function authenticate(req, res) {
 		async function finishLogin(req, user) {
 			const loginAsync = util.promisify(req.login).bind(req);
-			await loginAsync(user);
+			await loginAsync(user, { keepSessionInfo: true });
 			await controllers.authentication.onSuccessfulLogin(req, user.uid);
 			req.uid = user.uid;
 			req.loggedIn = req.uid > 0;
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index b2b4f0bf6d..b3f9bcba40 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -139,7 +139,7 @@ Auth.reloadRoutes = async function (params) {
 			})(req, res, next);
 		}, Auth.middleware.validateAuth, (req, res, next) => {
 			async.waterfall([
-				async.apply(req.login.bind(req), res.locals.user),
+				async.apply(req.login.bind(req), res.locals.user, { keepSessionInfo: true }),
 				async.apply(controllers.authentication.onSuccessfulLogin, req, req.uid),
 			], (err) => {
 				if (err) {