Disable session in Express app config

Just save the result in a variable and re-use it:

var PassportAuthenticateMiddleware = passport.authenticate('hash', {session:false});...app.get('/users',    PassportAuthenticateMiddleware, controllers.users.getAll);app.get('/users/me', PassportAuthenticateMiddleware, controllers.users.getCurrentUser);

(or do as @hexacyanide suggests and use the middleware globally, if that's an option in your setup)

Alternatively, you can use something similar to this:

app.all('/users*',   passport.authenticate('hash', {session:false}));app.get('/users',    controllers.users.getAll);app.get('/users/me', controllers.users.getCurrentUser);

This will filter all requests (instead of .all you can use .get too) whose URL starts with /users to be run through the authentication middleware.

The authenticator itself is middleware. Therefore, you can assign it globally.

app.use(express.bodyParser());app.use(passport.initialize());app.use(passport.authenticate('hash', {session:false}));

I guess that you have some routes which need session. It is possible to set this globally, but this will not work in your case. What you can do is to improve the code a bit:

var controller = function(controller) {    return function(req, res, next) {        passport.authenticate('hash', {session:false})(req, res, next);        controller(req, res, next);    }}app.get('/users', controller(controllers.users.getAll));app.get('/users/me', controller(controllers.users.getCurrentUser));