State autoValue function overwrites existing cookie value #3831
Description
Are you sure this is an issue with the hapi core module or are you just looking for some help?
Yeah—either an issue with hapi core, or a doc issue within API.md.
Is this a security related issue?
Nah.
What are you trying to achieve or the steps to reproduce?
I’ve been configuring a state autoValue.
My goal is this: if the cookie does not exist, it should be set with an automatically generated value. If it does exist, the value should be left as-is.
The documentation in API.md describes this option:
autoValue- if present and the cookie was not received from the client or explicitly set by the route handler, the cookie is automatically added to the response with the provided value. The value can be a function with signatureasync function(request)
What was the result you received?
Using this sample script:
const Hapi = require('hapi');
const server = Hapi.server({
port: 3000,
host: 'localhost'
});
server.state('test-cookie', {
isSecure: false,
autoValue: async () => `${new Date().getTime()}`,
});
server.route({
method: 'GET',
path: '/',
handler: () => 'Test Cookie',
});
const init = async () => {
await server.start();
console.log(`Server running at: ${server.info.uri}`);
};
init();- First request made without a cookie: a new cookie is set, with value from
autoValue - Second request made with cookie: cookie is overwritten, with value from
autoValue
What did you expect?
- First request made without a cookie: a new cookie is set, with value from
autoValue - Second request made with cookie: cookie value is left as-is
Context
- node version: 10.12.0
- hapi version: 17.6.0
- os: Mac OSX High Sierra (10.13.6)
- any other relevant information: