Add opts.overwrite to clear out previously set cookies of the same name
This requires that the cookie header array is filtered when this flag is set. Since connect/express have custom handling for setHeader('Set-Cookie'), we need to bypass that to be able to fully control which cookies get written to the response. Hence the crazy prototype setup, to find a "working" setHeader without connect/express magic.

Caveat: Currently overwrites all cookies with the same name, regardless of path or domain. This is why I didn't make this global behaviour, so now the default is to behave as previously, but give the user the option to clear out any duplicates out of the request.

Reasoning for the whole commit: we can have a situation where one of our signed authentication cookies is corrupt (e.g. bad sig) but its "parent" cookie is OK so we can regenerate the corrupt cookie by checking the parent cookie with an SSO-service. In this case, the cookies.get('child') tries to clear the 'child.sig'-cookie, with a 'Set-Cookie' with an empty value. Later, the SSO-check rewrites a correct 'child' cookie with its sig. Without the overwrite flag, the .sig cookie gets duplicated into the 'Set-Cookie' header.
Showing with 38 additions and 9 deletions.
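
The header filtering described in the commit message, replayed on its 'child' / 'child.sig' scenario. This is an added example, not code from this commit or from the module it changes; `cookieName`, `pushCookie`, `replay` and all cookie values are hypothetical names and constructed data.

```javascript
// Extract the cookie name from one Set-Cookie header value ("name=value; attrs").
function cookieName(headerValue) {
  const eq = headerValue.indexOf('=');
  return (eq === -1 ? headerValue : headerValue.slice(0, eq)).trim();
}

// Append a cookie to the pending Set-Cookie list and return the new list.
// With overwrite set, earlier entries carrying the same name are dropped first.
// Path and domain are ignored, which is the caveat the commit message states.
function pushCookie(headers, cookie, overwrite) {
  const name = cookieName(cookie);
  const kept = overwrite
    ? headers.filter((h) => cookieName(h) !== name)
    : headers.slice();
  kept.push(cookie);
  return kept;
}

// Constructed write sequence matching the commit message: reading a corrupt
// 'child' cookie clears 'child.sig' with an empty value, then the SSO check
// rewrites 'child' together with a fresh signature.
function replay(overwrite) {
  const writes = [
    'child.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly',
    'child=constructed-value; path=/; httponly',
    'child.sig=constructed-signature; path=/; httponly',
  ];
  let headers = [];
  for (const w of writes) {
    headers = pushCookie(headers, w, overwrite);
  }
  return headers;
}

// Default behaviour: the response carries both the cleared and the fresh
// 'child.sig', so the client receives two directives for one cookie name.
console.log('default  :', replay(false));

// With overwrite: only the last 'child.sig' survives next to 'child'.
console.log('overwrite:', replay(true));
```
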