session icon indicating copy to clipboard operation
session copied to clipboard
verified publisher icon expressjs

Use a nonce for cookie regeneration

Open mkawalec opened this issue 7 years ago • 4 comments

This implements https://github.com/expressjs/session/issues/425 by setting up an extra nonce cookie when regenerate is set to true. That nonce is validated against the previous value and refreshed on each request. This adds an additional write per request to the cookie store, regardless of if the state was modified or not.

Also fixes the getCookie method in tests to look at all the cookies set in a response, not just the first one.

mkawalec avatar Dec 18 '18 17:12 mkawalec

@dougwilson @brian-learningpool rereview please

mkawalec avatar Mar 08 '19 15:03 mkawalec

Hi Guys any news on this ?

mihir83in avatar Aug 11 '19 22:08 mihir83in

@mkawalec, apologies for the delay in this, I completely missed the notification that you had updated the PR. Your changes look good but there are conflicts in a couple of files.

Also, I'm just a long-time fan and user of express-session, I don't have contributor access so I'm not sure what my approval is worth.

brian-learningpool avatar Aug 12 '19 08:08 brian-learningpool

Will rebase soon, hopefully we'll get this across the finish line in 2019 :D

mkawalec avatar Dec 22 '19 16:12 mkawalec