Skip to content

add parametrizable get/setcookie #420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

add parametrizable get/setcookie #420

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8cb1042
add parametrizable get/setcookie
caub Jan 28, 2017
552f3d6
doc + test
caub Jan 29, 2017
ea91fac
update doc
caub Jan 30, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -280,6 +280,34 @@ The default value is `'keep'`.
- `'keep'` The session in the store will be kept, but modifications made during
the request are ignored and not saved.


##### getcookie, setcookie

Allows to specify custom functions to parse and set cookies.

Warnings:
- cookies must be parsed accordingly to how they are set of course
- the function signatures are subject to change in the future

```js
app.use(session({
name: sessionKey,
secret: sessionSecret,
getcookie(req) { // full signature is (req, name, secrets)
var cookies = cookie.parse(headers.cookie || headers.authorization || '');
return signature.unsign(cookies[sessionKey] || '', sessionSecret);
},
setcookie(res, name, val, secret, options) {
var signed = signature.sign(val, sessionSecret);
var data = cookie.serialize(sessionKey, signed, options);
res.setHeader('set-cookie', data);
res.setHeader('Access-Control-Expose-Headers', 'Authorization');
res.setHeader('authorization', data);
},
secret: 'keyboard cat'
}))
```

### req.session

To store or access session data, simply use the request property `req.session`,
Expand Down
8 changes: 6 additions & 2 deletions index.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ function session(options) {
// get the save uninitialized session option
var saveUninitializedSession = opts.saveUninitialized

// get optional getcookie and setcookie custom functions
var getcookie = opts.getcookie || getcookieDefault;
var setcookie = opts.setcookie || setcookieDefault;

// get the cookie signing secret
var secret = opts.secret

Expand Down Expand Up @@ -509,7 +513,7 @@ function generateSessionId(sess) {
* @private
*/

function getcookie(req, name, secrets) {
function getcookieDefault(req, name, secrets) {
var header = req.headers.cookie;
var raw;
var val;
Expand Down Expand Up @@ -631,7 +635,7 @@ function issecure(req, trustProxy) {
* @private
*/

function setcookie(res, name, val, secret, options) {
function setcookieDefault(res, name, val, secret, options) {
var signed = 's:' + signature.sign(val, secret);
var data = cookie.serialize(name, signed, options);

Expand Down
74 changes: 74 additions & 0 deletions test/getcookie.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
'use strict';
process.env.NO_DEPRECATION = 'express-session';

var after = require('after')
var assert = require('assert')
var express = require('express')
, request = require('supertest')
, cookieParser = require('cookie-parser')
, session = require('../')
, Cookie = require('../session/cookie')
var fs = require('fs')
var http = require('http')
var https = require('https')
var util = require('util')
var cookie = require('cookie')
var signature = require('cookie-signature')

var min = 60 * 1000;

describe('session getcookie()', function(){

var sessionKey = 'foo';
var sessionSecret = 'bar';

var app = express()
.use(session({
name: sessionKey,
secret: sessionSecret,
getcookie: function(req) {
var cookies = cookie.parse(req.headers.authorization || '');
return signature.unsign(cookies[sessionKey] || '', sessionSecret);
},
setcookie: function(res, name, val, secret, options) {
var signed = signature.sign(val, secret);
var data = cookie.serialize(name, signed, options);
// res.setHeader('Access-Control-Expose-Headers', 'Authorization'); necessary with cors
res.setHeader('authorization', data);
}
}))
.post('/', function(req, res) {
req.session.user = 'John';
return res.json({ok: 1})
})
.get('/', function(req, res) {
res.json({user: req.session.user});
});


var data;

it('should set a session, and send it in authorization header', function(done){

request(app)
.post('/')
.expect(function (res) {
data = res.headers.authorization;
})
.expect(200, done)
})

it('should get the session using authorization header', function(done){

request(app)
.get('/')
.set('Authorization', data)
.expect(function (res) {
assert.equal(res.body.user, 'John')
})
.expect(200, done)

})

})

2 changes: 2 additions & 0 deletions test/session.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2084,6 +2084,8 @@ describe('session()', function(){
})
})



function cookie(res) {
var setCookie = res.headers['set-cookie'];
return (setCookie && setCookie[0]) || undefined;
Expand Down