Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Session middleware fails to add session when request contains absoluteURI #762
When using the Session middleware, if we send in a GET request where the Request-URI is an abs_path:
Then the middleware will correctly add the session. If, however, we use the absoluteURI version of Request-URI:
then session will fail to create/add the req.session object. The problem is in lib/middleware/session.js:
This fails, since "http://myserver.com/dostuff" doesn't start with a "/".
It is a little unusual for a web browser to send the absoluteURI form of a Request-URI, however as the spec says:
We should be checking for an absolute URL and parsing out the path portion.