Make cookieName mandatory? #54

Closed
vvo opened this issue Apr 7, 2020 · 7 comments

@vvo
Owner

vvo commented Apr 7, 2020

When developing multiple websites on the same host (localhost:3000), the cookieName and value can be shared between applications. While this is not a security issue (localhost), it's still annoying because it will lead to errors like "Error: Bad hmac value" because we're trying to decode the appx cookie using the password of appy.

By making cookieName mandatory, we could avoid that and recommend always using __appx, __appy cookie names.
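
An added example (not part of the original issue or of the next-iron-session code base) of the collision described above: cookies are scoped by host, not by port, so apps developed on localhost share one cookie jar. The seal format is a simplified HMAC stand-in for the library's real sealing, and the cookie names, passwords and the `appYReads` helper are constructed for illustration.

```javascript
// Added illustration: simplified HMAC-signed cookie, NOT iron's real seal format.
// Dynamic import keeps the snippet loadable as CommonJS or as an ES module.
const nodeCrypto = () => import("node:crypto");

// Sign a session payload with the app's password: "<payload>.<mac>".
async function seal(data, password) {
  const { createHmac } = await nodeCrypto();
  const payload = Buffer.from(JSON.stringify(data)).toString("base64url");
  const mac = createHmac("sha256", password).update(payload).digest("base64url");
  return `${payload}.${mac}`;
}

// Verify the MAC in constant time before trusting the payload.
async function unseal(sealed, password) {
  const { createHmac, timingSafeEqual } = await nodeCrypto();
  const [payload, mac = ""] = sealed.split(".");
  const expected = createHmac("sha256", password).update(payload).digest();
  const given = Buffer.from(mac, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error("Bad hmac value");
  }
  return JSON.parse(Buffer.from(payload, "base64url").toString());
}

// Pick one cookie out of a Cookie request header.
function readCookie(header, name) {
  for (const part of header.split(";")) {
    const [k, ...v] = part.trim().split("=");
    if (k === name) return v.join("=");
  }
  return undefined;
}

// What app Y sees when the localhost cookie jar already holds app X's cookie.
async function appYReads(appXCookieName, appYCookieName) {
  const appX = { cookieName: appXCookieName, password: "constructed-password-for-app-x-0001" };
  const appY = { cookieName: appYCookieName, password: "constructed-password-for-app-y-0002" };
  // App X logged a user in earlier; the browser sends this to any app on localhost.
  const header = `${appX.cookieName}=${await seal({ user: "alice" }, appX.password)}`;
  const raw = readCookie(header, appY.cookieName);
  if (raw === undefined) return "no session"; // app Y simply has no cookie yet
  try {
    return await unseal(raw, appY.password);
  } catch (err) {
    return err.message; // same name, different password: verification fails
  }
}
```

`appYReads("__shared", "__shared")` resolves to `"Bad hmac value"`, while `appYReads("__appx", "__appy")` resolves to `"no session"`.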

@Dashue
Contributor

Dashue commented Apr 30, 2020

I'd be for this, just now trying to figure out where cookiename goes. Just installed the package and am not looking for intellisense for typescript, to then figure out where cookie name goes :)

@vvo
Owner Author

vvo commented Apr 30, 2020

@Dashue Do you mean that when using this package (thanks), your editor did not suggest the cookieName option? (https://github.com/vvo/next-iron-session#withironsessionhandler--password-ttl-cookiename-cookieoptions-)

I happen to be working on the package right now so I will just do that (make it mandatory)

@Dashue
Contributor

Dashue commented Apr 30, 2020

Exactly, I'm using typescript.

Not sure if you're shipping declaration files?
Or maybe it was just Vs having a moment

@vvo
Owner Author

vvo commented Apr 30, 2020

FWIW: I am not using typescript and I get autocomplete by default,

image

I do not ship declaration files (since I am not using TS I don't even know how to do so). But I welcome any PR adding some.

vvo added a commit that referenced this issue May 1, 2020
BREAKING CHANGE: cookieName is now mandatory, to avoid issues of shared
cookieNames in examples etc..

fixes #54
vvo added a commit that referenced this issue May 1, 2020
…uired

New features:
- an Express/Connect middleware: import { ironSession } from "next-iron-session"
  app.use(ironSession(options))
  or router.get("/", ironSession(options), (req, res, next) => {});
- import { applySession } from "next-iron-session":
  await applySession(req, res, options);

Examples:
- moved to examples/ folder
- added an Express example

BREAKING CHANGE:
- you need to import withIronSession as a named export:
before: import withIronSession from "next-iron-session"
after: import { withIronSession } from "next-iron-session"
- cookieName option is now mandatory (#54)

fixes #54
fixes #9
fixes #41
This was referenced May 1, 2020
@vvo
Owner Author

vvo commented May 1, 2020

🎉 This issue has been resolved in version 4.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@vvo vvo added the released label May 1, 2020
@eric-burel

Hi, what am I expected to do to fix this error? Add an explicit cookie name? I have this warning when running my Cypress e2e tests in headless mode; it might be a different issue. Are there scenarios where the Hmac value cannot be computed? I couldn't find much documentation about this error.
