Implement custom cookie signature #337
Conversation
index.js
Outdated
| @@ -602,8 +606,8 @@ function issecure(req, trustProxy) { | |||
| * @private | |||
| */ | |||
|
|
|||
| function setcookie(res, name, val, secret, options) { | |||
| var signed = 's:' + signature.sign(val, secret); | |||
There was a problem hiding this comment.
This change is not backwards-compatible, just as a FYI. It would also make the cookies emitted from here unreadable by other modules trying to decode them without them changing. What is the purpose of this change?
There was a problem hiding this comment.
My purpose here was that I need to have full control over the cookie's content. (My end-game is to make express-session compatible with PHP's session management). That means having a "pass-through" signature function (AKA no signature at all).
I have a patch that should (in theory) turn back compatibility while still allowing me to achieve my goals.
|
Looks like the PR is marked as failed because there are not enough tests to cover all the changes made in the PR. Please update the tests to try to cover all added code paths :) |
README.md
Outdated
| Pass in your own cookie signing object/module here that implements the | ||
| `sign(value, secret)` and `unsign(value, secret)` functions. | ||
|
|
||
| The default value is the `node-cookie-signature` module. |
There was a problem hiding this comment.
Typo here, as this module uses the cookie-signature module, not node-cookie-signature.
There was a problem hiding this comment.
We could probably include a link to the npm page for the module as well.
|
Done with all your suggestions :). I think it should be compatible with previous versions now. The |
dougwilson
force-pushed
the
master
branch
2 times, most recently
from
9d2e29b to
408229e
Compare
This is an updated version of #98, that applies properly on current master.