req.session is 'undefined' outside the user.authenticate() callback function

var express = require('express');
var bodyParser = require('body-parser');
var mongoose = require('mongoose');
var session = require('express-session');
var app = express();

// mongodb Connection
mongoose.connect('mongodb://localhost/bookworm', { useMongoClient: true });
var db = mongoose.connection;
//mongo error
db.on('error', console.error.bind(console, "connection error"));

//session
app.use(session( {
  secret: 'treehouse loves you',
  resave: true,
  saveUninitialized: false
}));
// parse incoming requests
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));

// serve static files from /public
app.use(express.static(__dirname + '/public'));

// view engine setup
app.set('view engine', 'pug');
app.set('views', __dirname + '/views');

// include routes
var routes = require('./routes/index');
app.use('/', routes);

:
:
:

:
:
router.post('/login', (req, res, next) =>{
  if(req.body.email && req.body.password){
    user.authenticate(req.body.email, req.body.password, function (error, user){
      if(error || !user){
        return next(error);
      }else{
        req.session.userId = user._id;
        console.log(req.session.userId);
        return res.redirect('/profile');
      }
    })
  }else{
    var error = new Error("Not All Fields Filled Out.");
    error.status= 401;
    next(error);
  }
});
//GET /profile
router.get('/profile', (res, req, next) => {
  console.log('profile');
  console.log(req.session);
  console.log('after');
  if(! req.session.userId){
    var error = new Error("User Not Authenticated");
    error.status = 403;
    return next(error);
  }
  user.findById(req.session.userId, function(err,user){
    if (err){
      return next(err);
    }else{
      res.render('profile',{name:user.name, favorite:user.favoriteBook});
    }  
  })
});
:
: