Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Now session support does not work with signed cookies #189

Open
fsateler opened this Issue Mar 28, 2012 · 0 comments

Comments

Projects
None yet
1 participant

The session "parser" in lib/user is just: this.user.session = nowjs.sessions[unescape(cookie)].

This doesn't work with signed cookies (or if one implemented encrypted cookies) since the session id is not the cookie string value.

Possibly nowJS should allow tu use a user-defined function to extract the session id from the cookies. Alternatively one could pass the secret to nowjs so it can validate the cookie is correctly signed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment