Add new cookie.ephemeral option defaulting to false

This option ensures that the cookie is expired by the browser when it closes. It used to be the default but this was changed in a2b144ccf7.
2013-09-02 03:39:10 +02:00 · 2013-09-02 03:39:10 +02:00 · 8588ecf0fa
--- a/README.md
+++ b/README.md
@ -37,6 +37,7 @@ You can control more specific cookie behavior during setup:
      cookie: {
        path: '/api', // cookie will only be sent to requests under '/api'
        maxAge: 60000, // duration of the cookie in milliseconds, defaults to duration above
+        ephemeral: false, // when true, cookie expires when the browser closes
        httpOnly: true, // when true, cookie is not accessible from javascript
        secure: false   // when true, cookie will only be sent over SSL
      }
--- a/lib/client-sessions.js
+++ b/lib/client-sessions.js
@ -180,6 +180,9 @@ function Session(req, res, cookies, opts) {
  this.res = res;
  this.cookies = cookies;
  this.opts = opts;
+  if (opts.cookie.ephemeral && opts.cookie.maxAge) {
+    throw new Error("you cannot have an ephemeral cookie with a maxAge.");
+  }

  this.content = {};
  this.loaded = false;
@ -205,7 +208,7 @@ function Session(req, res, cookies, opts) {

 Session.prototype = {
  updateDefaultExpires: function() {
-    if (!this.opts.cookie.maxAge) {
+    if (!this.opts.cookie.maxAge && !this.opts.cookie.ephemeral) {
      var time = this.createdAt || new Date().getTime();
      // the cookie should expire when it becomes invalid
      // we add an extra second because the conversion to a date truncates the milliseconds
--- a/test/all-test.js
+++ b/test/all-test.js
@ -975,4 +975,64 @@ suite.addBatch({
  }
 });

+suite.addBatch({
+  "non-ephemeral cookie": {
+    topic: function() {
+      var self = this;
+
+      var app = express.createServer();
+      app.use(cookieSessions({
+        cookieName: 'session',
+        duration: 5000,
+        secret: 'yo',
+        cookie: {
+          ephemeral: false,
+          maxAge: 400
+        }
+      }));
+
+      app.get("/foo", function(req, res) {
+        req.session.foo = 'foobar';
+        res.send("hello");
+      });
+
+      var browser = tobi.createBrowser(app);
+      browser.get("/foo", function(res, $) {
+        self.callback(null, res);
+      });
+    },
+    "has an expires attribute": function(err, res) {
+      assert.match(res.headers['set-cookie'][0], /expires/, "cookie is a session cookie");
+    }
+  },
+  "ephemeral cookie": {
+    topic: function() {
+      var self = this;
+
+      var app = express.createServer();
+      app.use(cookieSessions({
+        cookieName: 'session',
+        duration: 50000,
+        secret: 'yo',
+        cookie: {
+          ephemeral: true
+        }
+      }));
+
+      app.get("/foo", function(req, res) {
+        req.session.foo = 'foobar';
+        res.send("hello");
+      });
+
+      var browser = tobi.createBrowser(app);
+      browser.get("/foo", function(res, $) {
+        self.callback(null, res);
+      });
+    },
+    "doesn't have an expires attribute": function(err, res) {
+      assert.strictEqual(res.headers['set-cookie'][0].indexOf('expires='), -1, "cookie is not ephemeral");
+    }
+  }
+});
+
 suite.export(module);