uppercase cookie names #383

Closed
ammmir opened this Issue Sep 28, 2011 · 3 comments

Comments

Projects
None yet
4 participants

ammmir commented Sep 28, 2011

If the session middleware is configured with a cookie containing uppercase letters, the session will never be found due to node canonicalizing the req.cookies hash.

The fix (on line https://github.com/senchalabs/connect/blob/master/lib/middleware/session.js#L300) is trivial, change

req.sessionID = req.cookies[key];

to

req.sessionID = req.cookies[key.toLowerCase()];

Member

tj commented Sep 28, 2011

req.cookies is Connect as well (cookieParser())

it has problems when cookie names is shorter than 3 characters or contains any Capital letters

Contributor

jonathanong commented Oct 22, 2013

still an issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment