Bad cookie value even with clearInvalid true #34
Trying to use hapi-auth-cookie with a custom cookie name, validationFunc, and random password on each app restart seems to lead to "Bad cookie value" response anytime the app restarts. I thought clearInvalid would automatically clear the cookie, but it doesn't appear to.
Dirty sample below that shows basically what I'm doing without all the login/logout/etc... for clarity.
Any pointers on where I'm going wrong?
What's the exact behavior?
This is how it should work, as you can see from the tests:
Sorry it took me so long to get back to this. What happens when I try it is:
In the end, the cookie never gets removed so the user never gets a new cookie.
This is the easiest example:
Start it, log in. Refresh the page, see that it works. Restart the server. Refresh the page. Get error no matter what:
Sorry, minor typo when I was copying from the docs page to here, should have been:
Following the same pattern get the same results. Cookie never cleared.
I plan on looking into this but it isn't actually causing me any harm at this point.
Actually placing some logging messages in scheme.authenticate it never gets called with the invalid cookie. So I'm guessing before scheme.authenticate gets called something internal to Hapi is trying to decode the cookie, seeing it as invalid and returning the error:
Found it, in lib/index.js on line 34 you copy the configuration object:
but never copy the clearInvalid flag. Changing the above code to:
Resolves the issue. I'll put together a PR and test case tomorrow if I have some time.
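The failure mode traced in this thread, as an added, self-contained simulation (not code from hapi or hapi-auth-cookie): a settings copy that drops `clearInvalid` leaves a stale cookie in place after the password changes on restart. The HMAC sealing, the function names, the `ok` field and the `mycookie` name are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Stand-in for cookie sealing: value plus an HMAC keyed with the server password.
function seal(value, password) {
  const mac = crypto.createHmac('sha256', password).update(value).digest('hex');
  return `${value}.${mac}`;
}

function unseal(cookie, password) {
  const i = cookie.lastIndexOf('.');
  if (i < 0) return null;
  const value = cookie.slice(0, i);
  const given = Buffer.from(cookie.slice(i + 1), 'hex');
  const expected = crypto.createHmac('sha256', password).update(value).digest();
  return given.length === expected.length && crypto.timingSafeEqual(given, expected) ? value : null;
}

// Field-by-field copy of plugin settings into the cookie definition.
// The "before" copy omits clearInvalid, which is the defect found in the thread.
const optionsBefore = (s) => ({ password: s.password, ttl: s.ttl });
const optionsAfter = (s) => ({ ...optionsBefore(s), clearInvalid: s.clearInvalid });

// Stand-in for the framework's cookie parsing, which runs before the scheme's authenticate step.
function handleRequest(cookieHeader, name, options) {
  const m = cookieHeader.match(new RegExp(`(?:^|; )${name}=([^;]*)`));
  if (!m) return { ok: false, error: 'No cookie', setCookie: null };
  const session = unseal(m[1], options.password);
  if (session !== null) return { ok: true, session, setCookie: null };
  // Only a cookie definition that carries clearInvalid tells the browser to drop the cookie.
  const setCookie = options.clearInvalid ? `${name}=; Max-Age=0` : null;
  return { ok: false, error: 'Bad cookie value', setCookie };
}

function demo() {
  const name = 'mycookie'; // constructed cookie name
  const first = { password: crypto.randomBytes(32), ttl: 3600, clearInvalid: true };
  const cookie = `${name}=${seal('user-1', first.password)}`;
  // Restart: a new random password, while the browser still sends the old cookie.
  const second = { ...first, password: crypto.randomBytes(32) };
  return {
    sameRun: handleRequest(cookie, name, optionsAfter(first)),
    before: handleRequest(cookie, name, optionsBefore(second)),
    after: handleRequest(cookie, name, optionsAfter(second))
  };
}

console.log(demo());
```

In the `before` case every request keeps failing because no expiring `Set-Cookie` is ever sent; in the `after` case the same error response also clears the cookie, so the next request arrives without it.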