
Fix bogus sig causing a "Set-Cookie" with "myCookie.sig.sig"

1 parent f8cbb1f commit c328df414d08bdc9aece4c76a371e00f9f289602 @mtkopone mtkopone committed Nov 13, 2012
Showing with 6 additions and 4 deletions.
  1. +4 −4 lib/cookies.js
  2. +1 −0 test/express.js
  3. +1 −0 test/http.js
@@ -27,10 +27,10 @@ Cookies.prototype = {
data = name + "=" + value
index = this.keys.index(data, remote)
- if (index < 0) this.set(sigName, null, {path: "/"})
-
- else {
- index && this.set(sigName, this.keys.sign(data))
+ if (index < 0) {
+ this.set(sigName, null, {path: "/", signed: false })
+ } else {
+ index && this.set(sigName, this.keys.sign(data), { signed: false })
return value
}
},
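Review bot: The re-sign branch `index && this.set(sigName, this.keys.sign(data), { signed: false })` passes only `signed: false`, so the refreshed signature cookie gets whatever defaults `set()` applies rather than the path, expiry or `secure` attributes the value cookie was issued with; `set()` is outside this hunk, so that is inferred. If those defaults differ, the value cookie and its `.sig` can end up with different lifetimes or scopes, and a still-valid cookie would later fail verification and be cleared. I would also write the condition as `if (index > 0) this.set(...)` with a comment such as `// matched a non-current key (presumably): re-issue the signature; signed:false stops set() from signing the .sig cookie itself`. The test assertions added in this commit only cover the `index < 0` branch, and the enclosing method starts and ends outside the hunk.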
@@ -35,6 +35,7 @@ app.get("/", function(req, res) {
assert.equal( signed, "bar" )
assert.notEqual( tampered, "baz" )
assert.equal( tampered, undefined )
+ assert.equal(res.getHeader('Set-Cookie'), 'tampered.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly')
res.send(
"unsigned expected: foo\n" +
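Review bot: The added `assert.equal(res.getHeader('Set-Cookie'), '...')` uses loose equality against one exact string, so it holds only while exactly one cookie has been set at this point and, if `set()` stores the header as an array (not visible here), only through array-to-string coercion. The regression this commit targets is a `tampered.sig.sig` cookie, so asserting that directly is less brittle, e.g. `assert.ok(![].concat(res.getHeader('Set-Cookie')).some(function (h) { return /\.sig\.sig=/.test(h) }))`, next to a check that `tampered.sig=` is cleared. The same assertion is added in the test/http.js hunk and the same point applies there. The handler body continues outside the hunk.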
@@ -35,6 +35,7 @@ server = http.createServer( function( req, res ) {
assert.equal( signed, "bar" )
assert.notEqual( tampered, "baz" )
assert.equal( tampered, undefined )
+ assert.equal(res.getHeader('Set-Cookie'), 'tampered.sig=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; httponly')
res.writeHead( 200, { "Content-Type": "text/plain" } )
res.end(
