Implement custom cookie signature #337
| @@ -602,8 +606,8 @@ function issecure(req, trustProxy) { | |||
| * @private | |||
| */ | |||
|
|
|||
| function setcookie(res, name, val, secret, options) { | |||
| var signed = 's:' + signature.sign(val, secret); | |||
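Review bot: On the `var signed = 's:' + signature.sign(val, secret);` line the `s:` prefix stays hardcoded while the signing object is now supplied by the caller, so a signer that adds no MAC still emits a cookie carrying the signed-value prefix. Consider checking once at setup that the supplied object has `sign` and `unsign` functions, and keep the default path producing the same output as before so cookies already issued still verify.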
dougwilson
Aug 15, 2016
Member
This change is not backwards-compatible, just as a FYI. It would also make the cookies emitted from here unreadable by other modules trying to decode them without them changing. What is the purpose of this change?
roblabla
Aug 16, 2016
Author
My purpose here was that I need to have full control over the cookie's content. (My end-game is to make express-session compatible with PHP's session management). That means having a "pass-through" signature function (AKA no signature at all).
I have a patch that should (in theory) turn back compatibility while still allowing me to achieve my goals.
Looks like the PR is marked as failed because there are not enough tests to cover all the changes made in the PR. Please update the tests to try to cover all added code paths :)
| Pass in your own cookie signing object/module here that implements the | ||
| `sign(value, secret)` and `unsign(value, secret)` functions. | ||
|
|
||
| The default value is the `node-cookie-signature` module. |
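Review bot: The sentence naming `sign(value, secret)` and `unsign(value, secret)` gives the function names but not their return contract. State what `unsign` must return for a value that fails verification (cookie-signature returns `false`), and note that the session ID cookie is only tamper-evident when the supplied `unsign` actually verifies the value.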
dougwilson
Aug 15, 2016
Member
Typo here, as this module uses the cookie-signature module, not node-cookie-signature.
dougwilson
Aug 15, 2016
Member
We could probably include a link to the npm page for the module as well.
| @@ -78,6 +78,8 @@ var defer = typeof setImmediate === 'function' | |||
| * @param {Boolean} [options.saveUninitialized] Save uninitialized sessions to the store | |||
| * @param {String|Array} [options.secret] Secret for signing session ID | |||
| * @param {Object} [options.store=MemoryStore] Session store | |||
| * @param {Object} [options.signature] Object that has the same API as node-cookie-signature | |||
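Review bot: The `[options.signature]` line gives no default, unlike `[options.store=MemoryStore]` directly above it. Write the default in the same bracket form and name the two required methods, `sign` and `unsign`, in the description so the JSDoc stands on its own.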
dougwilson
Aug 15, 2016
Member
Typo: node-cookie-signature -> cookie-signature
Also, I'm not sure we should define our API as "being the same as another module". Perhaps just spell out what we want and just say that cookie-signature is what is following our API, instead of the other way around.
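The `sign(value, secret)` / `unsign(value, secret)` contract discussed in this review, as an added example that is not code from the PR or from express-session. `hmacSigner`, `passThroughSigner` and `checkSigner` are hypothetical names, and the check shows that a pass-through signer round-trips correctly but accepts a modified cookie value.

```javascript
'use strict';
const crypto = require('crypto');

// Hypothetical HMAC-SHA256 signer written for this example.
const hmacSigner = {
  sign(value, secret) {
    const mac = crypto.createHmac('sha256', secret).update(value).digest('hex');
    return value + '.' + mac;
  },
  // Returns the original value, or false when the MAC does not verify.
  unsign(signed, secret) {
    const idx = signed.lastIndexOf('.');
    if (idx === -1) return false;
    const value = signed.slice(0, idx);
    const expected = Buffer.from(hmacSigner.sign(value, secret));
    const actual = Buffer.from(signed);
    const ok = expected.length === actual.length &&
      crypto.timingSafeEqual(expected, actual);
    return ok ? value : false;
  }
};

// The "pass-through" signer from the discussion: no MAC at all.
const passThroughSigner = {
  sign(value) { return value; },
  unsign(signed) { return signed; }
};

// Hypothetical setup-time check: what does a supplied signer guarantee?
function checkSigner(signer) {
  if (!signer || typeof signer.sign !== 'function' ||
      typeof signer.unsign !== 'function') return 'invalid';
  const secret = 'constructed-secret';      // constructed sample values
  const value = 'constructed-session-id';
  const signed = signer.sign(value, secret);
  if (signer.unsign(signed, secret) !== value) return 'invalid';
  // Change the last character, then verify with a different secret.
  const tampered = signed.slice(0, -1) + (signed.slice(-1) === 'A' ? 'B' : 'A');
  const rejectsTamper = signer.unsign(tampered, secret) === false;
  const rejectsWrongKey = signer.unsign(signed, 'other-secret') === false;
  return rejectsTamper && rejectsWrongKey ? 'authenticating' : 'unauthenticated';
}

console.log(checkSigner(hmacSigner), checkSigner(passThroughSigner));
```

A result of `unauthenticated` means the session ID in the cookie is taken at face value, so any integrity guarantee has to come from somewhere other than the cookie signature.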
Done with all your suggestions :). I think it should be compatible with previous versions now. The

This is an updated version of #98, that applies properly on current master.