Yes.
This allows you to save and retrieve user data from session storage . It can be memory, redis or any other database.
If you like reading the source code, you will see that it is passport.sessioninvolved, since it will restore the login state from the session and deserializeUserreceive information about it from the user.
Authenticator.prototype.session serializeUser deserializeUser, /.