
Merge branch 'master' of git://github.com/lloyd/cookie-sessions into …

…lloyd-master

Conflicts:
	lib/cookie-sessions.js
commit 429e5add95647f3a8637d5bbf99f26f05ca85546 2 parents a2e5c87 + c8b290d
@caolan authored
Showing with 13 additions and 3 deletions.
  1. +13 −3 lib/cookie-sessions.js
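--- a/lib/cookie-sessions.js
+++ b/lib/cookie-sessions.js
@@ -1,16 +1,26 @@
 var crypto = require('crypto');
+var url = require('url');
 var exports = module.exports = function(settings){
 var default_settings = {
 // don't set a default cookie secret, must be explicitly defined
 session_key: '_node',
- timeout: 1000 * 60 * 60 * 24 // 24 hours
+ timeout: 1000 * 60 * 60 * 24, // 24 hours
+ path: '/'
 };
 var s = extend(default_settings, settings);
 if(!s.secret) throw new Error('No secret set in cookie-session settings');
+ if(typeof s.path !== 'string' || s.path.indexOf('/') != 0)
+ throw new Error('invalid cookie path, must start with "/"');
+
 return function(req, res, next){
+ // if the request is not under the specified path, do nothing.
+ if (url.parse(req.url).pathname.indexOf(s.path) != 0) {
+ next();
+ return;
+ }
 // Read session data from a request and store it in req.session
 req.session = exports.readSession(
@@ -39,13 +49,13 @@ var exports = module.exports = function(settings){
 if ("cookie" in req.headers) {
 cookiestr = escape(s.session_key) + '='
 + '; expires=' + exports.expires(0)
- + '; path=/; HttpOnly';
+ + '; path=' + s.path + '; HttpOnly';
 }
 } else {
 cookiestr = escape(s.session_key) + '='
 + escape(exports.serialize(s.secret, req.session))
 + '; expires=' + exports.expires(s.timeout)
- + '; path=/; HttpOnly';
+ + '; path=' + s.path + '; HttpOnly';
 }
 if (cookiestr !== undefined) {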
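Review bot: The scope test `url.parse(req.url).pathname.indexOf(s.path) != 0` in the returned middleware is a plain string-prefix match, so with `path: '/admin'` a request for `/administrator` is treated as in scope, whereas cookie path-matching requires an exact match or a `/` boundary. Matching on a segment boundary keeps the middleware and the cookie in agreement: `var p = url.parse(req.url).pathname, base = s.path.replace(/\/*$/, '/');` followed by `if (p !== s.path && p.indexOf(base) !== 0) { next(); return; }`. When the test fails, `next()` runs with `req.session` never assigned, and the comparison uses the undecoded, case-sensitive pathname, so if a later router decodes or normalises paths a handler under the path could presumably run without a session; a comment saying handlers must treat a missing `req.session` as unauthenticated would help. The settings check accepts any string that starts with `/`, and `s.path` is then concatenated unescaped into both `Set-Cookie` values in the second hunk, so it should also reject attribute separators and control characters, for example `if (/[;\x00-\x1f\x7f]/.test(s.path)) throw new Error('invalid cookie path');`. The middleware body continues outside both hunks, so the eventual header write is not visible here.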