
Fix bogus sig causing a "Set-Cookie" with "myCookie.sig.sig"

commit c328df414d08bdc9aece4c76a371e00f9f289602 1 parent f8cbb1f
@mtkopone authored
Showing with 6 additions and 4 deletions.
  1. +4 −4 lib/cookies.js
  2. +1 −0  test/express.js
  3. +1 −0  test/http.js
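--- a/lib/cookies.js
+++ b/lib/cookies.js
@@ -27,10 +27,10 @@ Cookies.prototype = {
 data = name + "=" + value
 index = this.keys.index(data, remote)
- if (index < 0) this.set(sigName, null, {path: "/"})
-
- else {
- index && this.set(sigName, this.keys.sign(data))
+ if (index < 0) {
+ this.set(sigName, null, {path: "/", signed: false })
+ } else {
+ index && this.set(sigName, this.keys.sign(data), { signed: false })
 return value
 }
 },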
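Review bot: The re-sign path `index && this.set(sigName, this.keys.sign(data), { signed: false })` uses a short-circuit expression as control flow, which hides the one security-relevant decision in this branch; `if (index > 0) this.set(sigName, this.keys.sign(data), { signed: false })` states it openly, since `index` is already known not to be negative inside the `else`. Neither `set` call says why `signed: false` is required; a comment such as `// sigName is already the signature cookie: never sign it again, or set() emits name.sig.sig` would keep a later edit from dropping the option. The clearing call pins `path: "/"` while the refresh call passes no path, so whether both address the same cookie depends on the defaults inside `set`, which is outside this hunk and worth confirming. The enclosing method starts before the hunk.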
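--- a/test/express.js
+++ b/test/express.js
@@ -35,6 +35,7 @@ app.get("/", function(req, res) {
 assert.equal( signed, "bar" )
 assert.notEqual( tampered, "baz" )
 assert.equal( tampered, undefined )
+ assert.equal(res.getHeader('Set-Cookie'), 'tampered.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly')
 res.send(
 "unsigned expected: foo\n" +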
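Review bot: The added assertion compares the whole `Set-Cookie` value with one string through loose `assert.equal`, so it would pass by coercion if `res.getHeader` returns a one-element array, and it depends on attribute order and on no other cookie having been set earlier in the handler, which starts outside this hunk. Only the rejected-signature branch is exercised; nothing visible here asserts that the re-sign branch in lib/cookies.js also stops producing a `.sig.sig` name. A direct negative check next to it would pin the fix itself, e.g. `assert.ok(!/\.sig\.sig=/.test(String(res.getHeader('Set-Cookie'))))`. The identical line added in test/http.js has the same limits.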
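--- a/test/http.js
+++ b/test/http.js
@@ -35,6 +35,7 @@ server = http.createServer( function( req, res ) {
 assert.equal( signed, "bar" )
 assert.notEqual( tampered, "baz" )
 assert.equal( tampered, undefined )
+ assert.equal(res.getHeader('Set-Cookie'), 'tampered.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly')
 res.writeHead( 200, { "Content-Type": "text/plain" } )
 res.end(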