-
-
Notifications
You must be signed in to change notification settings - Fork 248
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make cookieName mandatory? #54
Comments
I'd be for this, just now trying to figure out where cookiename goes. Just installed the package and am not looking for intellisense for typescript, to then figure out where cookie name goes :) |
@Dashue Do you mean that when using this package (thanks), your editor did not suggest the cookieName option? (https://github.com/vvo/next-iron-session#withironsessionhandler--password-ttl-cookiename-cookieoptions-) I happen to be working on the package right now so I will just do that (make it mandatory) |
Exactly, I'm using typescript. Not sure if you're shipping declaration files? |
BREAKING CHANGE: cookieName is now mandatory, to avoid issues of shared cookieNames in examples etc.. fixes #54
…uired New features: - an Express/Connect middleware: import { ironSession } from "next-iron-session" app.use(ironSession(options)) or router.get("/", ironSession(options), (req, res, next) => {}); - import { applySession } from "next-iron-session": await applySession(req, res, options); Examples: - moved to examples/ folder - added an Express example BREAKING CHANGE: - you need to import withIronSession as a named export: before: import withIronSession from "next-iron-session" after: import { withIronSession } from "next-iron-session" - cookieName option is now mandatory (#54) fixes #54 fixes #9 fixes #41
…uired New features: - an Express/Connect middleware: import { ironSession } from "next-iron-session" app.use(ironSession(options)) or router.get("/", ironSession(options), (req, res, next) => {}); - import { applySession } from "next-iron-session": await applySession(req, res, options); Examples: - moved to examples/ folder - added an Express example BREAKING CHANGE: - you need to import withIronSession as a named export: before: import withIronSession from "next-iron-session" after: import { withIronSession } from "next-iron-session" - cookieName option is now mandatory (#54) fixes #54 fixes #9 fixes #41
🎉 This issue has been resolved in version 4.0.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
🎉 This issue has been resolved in version 4.0.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
Hi, what am I expected to do to fix this error? Add an explicit cookie name? I have this warning when running my Cypress e2e tests in headless mode, it might be a different issue, are there scenarios where the Hmac value cannot be computed? I couldn't find much documentation about this error |
When developing multiple websites on the same host (localhost:3000), then the cookieName and value can be shared between applications. While this is not a security issue (localhost), it's still annoying because it will lead to errors like "Error: Bad hmac value" because we're trying to decode appx cookie using the password of appy.
By making cookieName mandatory, we could avoid that and recommend to always use __appx __appy cookie names
The text was updated successfully, but these errors were encountered: