cookie-sessions

Don't throw on invalid cookies

Open bkw opened this issue 14 years ago • 5 comments

Since cookies are user input, we shouldn't throw an exception if the cookie does not pass our tests. Imho ignoring it is sufficient.

Maybe we could emit an event for debugging purposes, but certainly not an error.

bkw avatar Mar 18 '11 09:03 bkw

+1. As it stands now, client code must clumsily work around it at a higher level, something like:

server.use(express.cookieParser());

var cookieSessionMiddleware = sessions({
    secret: COOKIE_SECRET,
    session_key: COOKIE_KEY,
    path: '/'
});

server.use(function(req, resp, next) {
    try {
        cookieSessionMiddleware(req, resp, next);
    } catch(e) {
        console.log("invalid cookie found: ignoring");
        delete req.cookies[COOKIE_KEY];
        cookieSessionMiddleware(req, resp, next);
    }
});

lloyd avatar Jun 21 '11 19:06 lloyd

+1

hiddentao avatar Nov 17 '11 09:11 hiddentao

+1

Is this project still being worked on? Any better alternatives?

jasoo24 avatar May 30 '12 22:05 jasoo24

We're now using benadida/node-client-sessions - fwiw

--lloyd


lloyd avatar May 31 '12 00:05 lloyd

source: https://github.com/benadida/node-client-sessions

in npm: http://search.npmjs.org/#/client-sessions

lloyd avatar May 31 '12 12:05 lloyd