
Replace brittle Store.generate() with safer mechanism.

commit a9282d17366cb8590f578b46fe7ad25f03097784 1 parent 0d223ef
@devijvers authored
Showing with 17 additions and 4 deletions.
  1. +16 −2 lib/middleware/session.js
  2. +1 −2  lib/middleware/session/store.js
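--- a/lib/middleware/session.js
+++ b/lib/middleware/session.js
@@ -261,13 +261,20 @@ function session(options){
 }
 // generates the new session
- var generate = store.generate = function(){
+ var generate = (function _generate(){
 var base = utils.uid(24);
 var sessionID = base + '.' + hash(base);
 req.sessionID = sessionID;
 req.session = new Session(req);
+ var session_regenerate = Session.prototype.regenerate;
+ req.session.__proto__.regenerate = function(fn) {
+ return session_regenerate.call(this, function(err) {
+ _generate();
+ fn(err);
+ });
+ };
 req.session.cookie = new Cookie(cookie);
- };
+ });
 // get the sessionID from the cookie
 req.sessionID = req.cookies[key];
@@ -317,6 +324,13 @@ function session(options){
 if ('string' == typeof expires) sess.cookie.expires = new Date(expires);
 sess.cookie.originalMaxAge = orig;
 req.session = new Session(req, sess);
+ var session_regenerate = Session.prototype.regenerate;
+ req.session.__proto__.regenerate = function(fn) {
+ return session_regenerate.call(this, function(err) {
+ generate();
+ fn(err);
+ });
+ };
 req.session.resetLastAccess();
 next();
 }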
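Review bot: Both hunks install the wrapper with `req.session.__proto__.regenerate = ...`, and because `req.session` has just been built with `new Session(...)`, that `__proto__` is presumably `Session.prototype` itself, so every request overwrites the method shared by all sessions. Each later request then reads the already-wrapped function back through `Session.prototype.regenerate`, so the wrappers appear to stack: one `regenerate()` call would run `generate()` for closures that captured earlier requests' `req`, keep those objects alive, and could assign a fresh `sessionID` to a request other than the one regenerating, which undermines the call that is meant to defend against session fixation. Capture the original method once, outside the per-request code, and attach the wrapper to the instance instead, e.g. `Object.defineProperty(req.session, 'regenerate', { value: wrapped });`, so it stays bound to its own request and is not enumerated with the session data. The same seven added lines are duplicated in the second hunk and could share one helper; `session()` starts and ends outside both hunks.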
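--- a/lib/middleware/session/store.js
+++ b/lib/middleware/session/store.js
@@ -32,7 +32,6 @@ var Store = module.exports = function Store(options){};
 Store.prototype.regenerate = function(req, fn){
 var self = this;
 this.destroy(req.sessionID, function(err){
- self.generate();
 fn(err);
 });
-};
+};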