-
-
Notifications
You must be signed in to change notification settings - Fork 248
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
req.session.save() overrides existing Set-Cookie header values #112
Comments
This commit fixes a case where previous set-cookie headers were ignored through the request lifecycle. This is now fixed and handles both single and multiple set-cookie header values. Since in Node.js you can do: res.setHeader("set-cookie", "name=value"); and res.setHeader("set-cookie", ["name=value", "name2=value2"]) fixes #112
@mwisner thanks for the report, I have been working on a fix for this. When this is released can you try again? Thanks! |
This commit fixes a case where previous set-cookie headers were ignored through the request lifecycle. This is now fixed and handles both single and multiple set-cookie header values. Since in Node.js you can do: res.setHeader("set-cookie", "name=value"); and res.setHeader("set-cookie", ["name=value", "name2=value2"]) fixes #112
🎉 This issue has been resolved in version 4.1.5 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Hi there, I think #117 fixed |
(handling this in another issue @lkbr, solved) |
🙏 |
https://github.com/vvo/next-iron-session/blob/master/lib/index.js#L62-L65
I "think" this line:
res.setHeader("set-cookie", [cookieValue]
is assuming that there were no other attempts to set cookies before callingreq.session.save()
It looks like destroy does something similar: https://github.com/vvo/next-iron-session/blob/master/lib/index.js#L73
I think these calls don't seem to keep any existing values in the Set-Cookie header?
This doesn't seem to work:
But this works fine:
*destoyCookie comes from this package: https://github.com/maticzav/nookies which I am using to manage other cookies.
This kind of hung me up a little bit and required a fair bit of debugging and moving code around trying to understand why my extra cookies weren't being set.
The text was updated successfully, but these errors were encountered: