
Commit 4deb197

committed
Expire cookie immediately upon destroying session
Fixes #241.
1 parent 50cdae2 commit 4deb197


2 files changed

+419
-16
lines changed


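--- a/index.js
+++ b/index.js
@@ -142,11 +142,7 @@ function session(options){
 store.generate = function(req){
 req.sessionID = generateId(req);
 req.session = new Session(req);
-req.session.cookie = new Cookie(cookieOptions);
-
-if (cookieOptions.secure === 'auto') {
-req.session.cookie.secure = issecure(req, trustProxy);
-}
+req.session.cookie = createCookie(cookieOptions, req, trustProxy);
 };
 
 var storeImplementsTouch = typeof store.touch === 'function';
@@ -187,26 +183,46 @@ function session(options){
 
 // set-cookie
 onHeaders(res, function(){
+// Is this an existing session that is being destroyed?
+var isBeingDestroyed = !!cookieId && shouldDestroy(req);
+
 if (!req.session) {
 debug('no session');
-return;
+if (!isBeingDestroyed) {
+return;
+}
 }
 
-if (!shouldSetCookie(req)) {
-return;
+var cookie = req.session ? req.session.cookie : undefined;
+
+if (isBeingDestroyed) {
+if (cookie == null) {
+debug('creating expired cookie');
+cookie = createCookie(cookieOptions, req, trustProxy);
+}
+
+// Set the cookie to immediately expire on the client
+cookie.maxAge = 0;
 }
 
 // only send secure cookies via https
-if (req.session.cookie.secure && !issecure(req, trustProxy)) {
+if (cookie.secure && !issecure(req, trustProxy)) {
 debug('not secured');
 return;
 }
 
-// touch session
-req.session.touch();
+if (!isBeingDestroyed) {
+if (!shouldSetCookie(req)) {
+return;
+}
+else {
+// touch session
+req.session.touch();
+}
+}
 
 // set cookie
-setcookie(res, name, req.sessionID, secrets[0], req.session.cookie.data);
+setcookie(res, name, req.sessionID, secrets[0], cookie.data);
 });
 
 // proxy end() to commit the session
@@ -436,6 +452,25 @@ function session(options){
 };
 };
 
+/**
+* Create a new Cookie for this request.
+*
+* @param {Object} cookieOptions
+* @param {Object} req
+* @param {Boolean} [trustProxy]
+* @return {Cookie}
+* @private
+*/
+function createCookie(cookieOptions, req, trustProxy) {
+var cookieOpts = cookieOptions || {};
+
+var cookie = new Cookie(cookieOpts);
+if (cookieOpts.secure === 'auto') {
+cookie.secure = issecure(req, trustProxy);
+}
+return cookie;
+}
+
 /**
 * Generate a session ID for a new session.
 *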
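Review bot: In the `isBeingDestroyed` branch of the `onHeaders` callback, the expiring cookie is rebuilt from `cookieOptions` whenever `req.session` is already gone, so any per-session change to the cookie's path or domain (if the application makes one; not visible here) is lost, and a browser only drops a cookie whose name, path and domain match the one it holds. The same Set-Cookie still carries the signed `req.sessionID` of the session being destroyed; the value is irrelevant for an expiry, so consider `setcookie(res, name, isBeingDestroyed ? '' : req.sessionID, secrets[0], cookie.data);`. A comment above `cookie.maxAge = 0;` such as `// client-side cleanup only: invalidation happens in the store, a client may ignore this expiry` would record that the store entry, not the cookie, is what ends the session. `shouldDestroy` and `setcookie` are defined outside the hunks shown, so confirm that an empty value is signed and serialized without error before adopting the change.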
