Skip to content
Permalink
Browse files Browse the repository at this point in the history
SessionStore: replace password with PASSWORD_HIDDEN when storing in db
Fixes #3421.
  • Loading branch information
JohnMcLear authored and muxator committed Apr 1, 2020
1 parent 3e8b426 commit 53f1260
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/node/db/SessionStore.js
Expand Up @@ -38,6 +38,11 @@ SessionStore.prototype.get = function(sid, fn) {
SessionStore.prototype.set = function(sid, sess, fn) {
messageLogger.debug('SET ' + sid);

// don't store passwords in DB
if (sess.user && sess.user.password) {
sess.user.password = "PASSWORD_HIDDEN";
}

db.set("sessionstorage:" + sid, sess);
if (fn) {
process.nextTick(fn);
Expand Down

0 comments on commit 53f1260

Please sign in to comment.