From e56835703e26818d854e4e1a7ad75c9ca3858227 Mon Sep 17 00:00:00 2001
From: Max Nanasy <max.nanasy@gmail.com>
Date: Sun, 18 Nov 2012 02:54:16 -0800
Subject: [PATCH] Fix potential security issue by ensuring that
 idToSessionMap.hasOwnProperty(sessionId)

---
 pick-a-number-node/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pick-a-number-node/server.js b/pick-a-number-node/server.js
index a409da9..7aa666b 100755
--- a/pick-a-number-node/server.js
+++ b/pick-a-number-node/server.js
@@ -34,7 +34,7 @@ http.createServer(function (request, response) {
     urlParse = url.parse(request.url, true);
   var
     sessionId = cookies.get('sessionId'),
-    session = sessionId && idToSessionMap[sessionId];
+    session = idToSessionMap.hasOwnProperty(sessionId) && idToSessionMap[sessionId];
   switch (urlParse.pathname) {
     case '/':
       response.writeOnlyHead(httpStatus.FOUND, { 'Location': 'game/' });