I added a few options for tuning the cookies. You can now set the 'do…

…main' and make the cookie 'secure' as well as 'max-age' will be sent if useMaxAge is true. Just to be complete, I made it so that you could also selectively turn on/off setting 'expires' and 'HttpOnly' with useExpires and useHttpOnly options, but the defaults shouldn't change any existing uses of cookie-sessions, except that useMaxAge is true by default.
publickeating · May 13, 2011 · 292749b · 292749b
1 parent 9b47888
commit 292749b
Showing 1 changed file with 18 additions and 10 deletions.
diff --git a/lib/cookie-sessions.js b/lib/cookie-sessions.js
@@ -19,8 +19,13 @@ exports = module.exports = function(settings){
     var default_settings = {
         // don't set a default cookie secret, must be explicitly defined
         session_key: '_node',
-        timeout: 1000 * 60 * 60 * 24, // 24 hours
-        path: '/'
+        timeout: 60 * 60 * 24, // 24 hours in seconds
+        path: '/',
+        domain: null,
+        secure: false,
+        useMaxAge: true,
+        useExpires: true,
+        useHttpOnly: true
     };
     var s = extend(default_settings, settings);
     if(!s.secret) throw new Error('No secret set in cookie-session settings');
@@ -61,19 +66,22 @@ exports = module.exports = function(settings){
             var cookiestr;
             if (req.session === undefined) {
                 if ("cookie" in req.headers) {
-                    cookiestr = escape(s.session_key) + '='
-                        + '; expires=' + exports.expires(0)
-                        + '; path=' + s.path + '; HttpOnly';
+                    cookiestr = escape(s.session_key) + '=';
+                    s.timeout = 0;
                 }
             } else {
-                cookiestr = escape(s.session_key) + '='
-                    + escape(exports.serialize(s.secret, req.session))
-                    + '; expires=' + exports.expires(s.timeout)
-                    + '; path=' + s.path + '; HttpOnly';
+                cookiestr = escape(s.session_key) + '=' + escape(exports.serialize(s.secret, req.session));
             }
 
+            if (s.useExpires)  cookiestr += '; expires=' + exports.expires(s.timeout * 1000); // In milliseconds
+            if (s.useMaxAge)   cookiestr += '; max-age=' + s.timeout; // In seconds
+            if (s.path)        cookiestr += '; path=' + s.path;
+            if (s.domain)      cookiestr += '; domain=' + s.domain;
+            if (s.secure)      cookiestr += '; secure';
+            if (s.useHttpOnly) cookiestr += '; HttpOnly';
+
             if (cookiestr !== undefined) {
-                if(Array.isArray(headers)) { 
+                if(Array.isArray(headers)) {
                     headers.push(['Set-Cookie', cookiestr]);
                 } else {
                     // if a Set-Cookie header already exists, convert headers to