diff --git a/README.md b/README.md
index 759d029..693fe67 100644
--- a/README.md
+++ b/README.md
@@ -66,10 +66,10 @@ The name of the session cookie. Defaults to `sessionId`.
 ##### cookie
 The options object is used to generate the `Set-Cookie` header of the session cookie. May have the following properties:
 * `path` - The `Path` attribute. Defaults to `/` (the root path).
-* `maxAge` - A `number` in milliseconds that specifies the `Expires` attribute by adding the specified milliseconds to the current date. If both `expires` and `maxAge` are set, then `expires` is used.
+* `maxAge` - A `number` in milliseconds that specifies the `Expires` attribute by adding the specified milliseconds to the current date. If both `expires` and `maxAge` are set, then `maxAge` is used.
 * `httpOnly` - The `boolean` value of the `HttpOnly` attribute. Defaults to true.
 * `secure` - The `boolean` value of the `Secure` attribute. Set this option to false when communicating over an unencrypted (HTTP) connection. Value can be set to `auto`; in this case, the `Secure` attribute will be set to false for an HTTP request. In the case of HTTPS, it will be set to true. Defaults to true.
-* `expires` - The expiration `date` used for the `Expires` attribute. If both `expires` and `maxAge` are set, then `expires` is used.
+* `expires` - The expiration `date` used for the `Expires` attribute. If both `expires` and `maxAge` are set, then `maxAge` is used.
 * `sameSite`- The `boolean` or `string` of the `SameSite` attribute. Using `Secure` mode with `auto` attribute will change the behavior of the `SameSite` attribute in `http` mode. The `SameSite` attribute will automatically be set to `Lax` with an `http` request. See this [link](https://www.chromium.org/updates/same-site).
 * `domain` - The `Domain` attribute.
 
diff --git a/test/cookie.test.js b/test/cookie.test.js
index 114cb9d..8a49f0c 100644
--- a/test/cookie.test.js
+++ b/test/cookie.test.js
@@ -396,3 +396,29 @@ test('should set session secure cookie secureAuto x-forwarded-proto header', asy
 t.is(statusCode, 200)
 t.regex(cookie, /sessionId=[\w-]{32}.[\w-%]{43,55}; Path=\/; HttpOnly; Secure/)
 })
+
+test('should use maxAge instead of expires in session if both are set in options.cookie', async (t) => {
+ t.plan(3)
+ const expires = new Date()
+ expires.setTime(34214461000) // 1971-02-01T00:01:01.000Z
+ const options = {
+ secret: 'cNaoPYAwF60HZJzkcNaoPYAwF60HZJzk',
+ cookie: { maxAge: 1000, expires }
+ }
+ const port = await testServer((request, reply) => {
+ request.session.test = {}
+ reply.code(200).send(Date.now().toString())
+ }, options)
+
+ const { statusCode, cookie, body } = await request({
+ url: `http://localhost:${port}`,
+ headers: { 'x-forwarded-proto': 'https' }
+ })
+
+ const dateFromBody = new Date(Number(body))
+ t.is(statusCode, 200)
+ // Expires attribute should be determined by options.maxAge -> Date.now() + 1000 and should have the same year from response.body,
+ // and not determined by options.expires and should not have the year of 1971
+ t.notRegex(cookie, /sessionId=[\w-]{32}.[\w-%]{43,55}; Path=\/; Expires=\w+, \d+ \w+ 1971 \d{2}:\d{2}:\d{2} GMT; HttpOnly; Secure/)
+ t.regex(cookie, new RegExp(String.raw`sessionId=[\w-]{32}.[\w-%]{43,55}; Path=\/; Expires=\w+, \d+ \w+ ${dateFromBody.getFullYear()} \d{2}:\d{2}:\d{2} GMT; HttpOnly; Secure`))
+})
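Review bot: The final `t.regex` takes the expected year from `dateFromBody.getFullYear()`, which is the test process's local-time year, while the `Expires` attribute it is matched against is formatted in GMT. In a non-UTC time zone the two differ around New Year, and the added `maxAge` second can also cross the boundary, so the test can fail without any regression. Using `new Date(Number(body) + 1000).getUTCFullYear()` keeps both sides in UTC and on the same instant. Because this precedence decides how long the session cookie stays valid, a year-only match is also loose: a wrong lifetime within the same year would still pass, so parsing the `Expires` value and checking that it lies within a few seconds of `Number(body) + 1000` would pin the behaviour more tightly.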