lib/jack/session.js @@ -1,17 +1,21 @@ var util = require("util"), - Request = require("jack/request").Request, - Response = require("jack/response").Response, - sha = require("sha"), - HashP = require("hashp").HashP; + Request = require("jack/request").Request, + Response = require("jack/response").Response, + sha = require("sha"), + HashP = require("hashp").HashP; + +var loadSession = function(env){ + var options = env["jsgi.session.options"], + key = options.key, + secret = options.secret; -var loadSession = function(env, key, secret){ var req = new Request(env); var cookie = req.cookies()[key]; if (cookie){ - var cookieParts = decodeURIComponent(cookie).split("--"); - var digest = cookieParts[1]; - var sessionData = cookieParts[0]; + var parts = decodeURIComponent(cookie).split("--"), + digest = env["jsgi.session.digest"] = parts[1]; + sessionData = parts[0]; if (digest == sha.hash(sessionData + secret).decodeToString(64)) { return JSON.parse(sessionData); @@ -28,10 +32,12 @@ var commitSession = function(env, jsgiResponse, key, secret){ var sessionData = JSON.stringify(session); - if (secret){ - var digest = sha.hash(sessionData + secret).decodeToString(64); - sessionData = sessionData + "--" + digest; - } + var digest = sha.hash(sessionData + secret).decodeToString(64); + + // do not serialize if the session is not dirty. + if (digest == env["jsgi.session.digest"]) return jsgiResponse; + + sessionData = sessionData + "--" + digest; if (sessionData.length > 4096) { env["jsgi.errors"] += "Session Cookie data size exceeds 4k! Content dropped"; @@ -50,27 +56,31 @@ var commitSession = function(env, jsgiResponse, key, secret){ return response; } +/** + * Cookie Session Store middleware. + * Does not implicitly deserialize the session, only serializes the session if + * dirty. + */ var Cookie = exports.Cookie = function(app, options) { options = options || {}; util.update(options, /* default options */ { + key: "jsgi.session", domain: null, path: "/", expire_after: null }); - var key = options.key || "jsgi.session", - secret = options.secret; + if (!options.secret) throw new Error("Session secret not defined"); + + var key = options.key, + secret = options.secret; return function(env) { - try { - env["jsgi.session"] = loadSession(env, key, secret); - } catch (err) { - env["jsgi.session"] = {}; - } + env["jsgi.session.loadSession"] = loadSession; env["jsgi.session.options"] = options; var jsgiResponse = app(env); return commitSession(env, jsgiResponse, key, secret); } -} \ No newline at end of file +} lib/jack/session/cookie.js 87dd60189eb6996da0bbfe906494145f2113c0cb George Moschovitis george.moschovitis@gmail.com http://github.com/gmosx/jack/commit/18179f6f79bc59b6d5f01680ea03c1dc9554d279 18179f6f79bc59b6d5f01680ea03c1dc9554d279 2009-10-16T18:19:22-07:00 2009-10-13T03:14:30-07:00 Improved session middleware: explicit deserialization, serialization if dirty. Introduced Session. c287c347b7bb56a928b9fdfd310393ba28c2d758 Tom Robinson tom@280north.com