6248e1440f
Use Buffer.from, Buffer.alloc instead of deprecated constructor
...
Simply remove all the usages of the deprecated buffer constructor.
Using Buffer.from and Buffer.allow instead.
2018-10-17 04:01:53 -07:00
53c7a05ff1
fix tests to close servers
2017-04-06 12:01:25 -07:00
e0c7db1688
update cookies module to v0.7.0 to gain support for sameSite attribute
2017-04-05 16:43:44 -07:00
0a577de729
update express module to v4.15.2
2017-04-05 16:15:01 -07:00
2dd39014a6
fix tests
2014-09-15 10:42:55 -07:00
cabfdcfb71
Return undefined from util.decode on more invalid inputs
...
Specifically, on inputs with components that are invalid
base64. Previously, such input would produce an exception,
which is inconsistent with the behavior for other forms
of invalid input (wrong number of components, wrong IV
length, invalid JSON).
2014-03-18 09:52:59 -07:00
927e6b93fc
Implement key length constraints
2014-01-03 18:26:13 -08:00
f7922f9df0
signatureAlgorithm & encryptionAlgorithm
2013-12-17 21:22:47 -08:00
d6399f82c5
removed need for Proxy, using getter/setters
...
- killed a native dependency!
- fix when someone does req.session = myObj.
2013-12-13 16:56:20 -08:00
3f156dd5df
fix dirty checking of nested objects
...
store json when loading, and then compare json at end to determine
if a child object has changed.
2013-11-29 09:54:04 -08:00
b8c53bfa64
adds activeDuration, default 5 minutes
...
if a user has an active session, such that they make a request, and the
expiration of their session is within the activeDuration value, their
session will be extended by the same value.
fixes #2
2013-10-23 18:26:11 -07:00
7070a11d68
Ephemeral state can now be changed in setDuration
...
Changing the ephemeral state will cause a new cookie to be set in
the browser.
2013-09-04 16:48:01 +12:00
8588ecf0fa
Add new cookie.ephemeral option defaulting to false
...
This option ensures that the cookie is expired by the browser when
it closes. It used to be the default but this was changed in
a2b144ccf7
2013-09-04 16:48:01 +12:00
8c47564dd7
Update the cookie expiry whenever duration or createdAt change
...
The cookie is reset everytime something in the session payload
changes. Whenever its reset, the original value of expires is
used.
This is good unless the duration or the creation time change. In
that case, we need to also update the cookie expiry to match the
expiry of the signed payload.
2013-09-04 16:41:40 +12:00
571b75f9f0
test: remove lies in comments
...
Perhaps the internal duration was 400 ms in a former life, but
now it's set to 500.
2013-08-30 18:41:50 +02:00
a2b144ccf7
Always set the HTTP expiry on the cookie to match internal duration
...
The external expiry on the cookie (which is really just a suggestion
for the browser) should be the same as the expiry inside the
encrypted/signed payload. That way the browser will avoid sending
an invalid cookie to the server.
https://github.com/mozilla/browserid/issues/2754
2013-08-30 18:41:49 +02:00
fe65d9a5f3
test: add another session duration test
...
We test that the session is cleared after it expires, but we don't
check that it's still there just before it expires, at least not in
the same way.
2013-08-30 18:41:49 +02:00
de04ba900a
Add a (failing) test for tampered HMACs
...
The test input conveniently chosen so that the HMAC (mis-)interpreted as UTF-8
gives REPLACEMENT CHARACTER (U+FFFD) at the end.
2013-06-20 01:19:26 -04:00
d552cc2f14
allow the client to specify a different request key name rather than forcing them to use the cookie name - issue #43
2013-05-31 10:53:44 -06:00
297e86c010
encode cookieName into cookie content
...
fixes #35
2013-04-19 15:22:04 -07:00
42c5f43e76
Removing requestKey from options. Reusing cookieName. Added README update
2013-04-16 15:53:20 -07:00
4c4d18397e
Provide support for client-sessions to be used multiple times.
...
Adds requestKey option. Defaults to "session".
Users of module can install middleware multiple times to
have different secure cookies with different policies.
2013-04-15 16:03:37 -07:00
eca903cebb
Added public encode and decode methods
2013-03-19 18:10:31 +01:00
0bd5549f47
Fixed issue with session loading variables from an existing cookie after a reset()
2013-02-18 17:03:02 -05:00
962c4eab6f
undefined session values should return undefined
...
it was returning null
2012-08-16 14:07:30 -07:00
c4f4fda169
adds test for a non-existing cookie read
...
this tests the functionality added in #15
2012-08-16 13:40:52 -07:00
d5f06c508a
improve error message when secure cookies are run on an insecure socket - also surpress this error from getting printed to stderr when tests are being run - closes #11
2012-04-18 12:55:29 -06:00
81362ec270
add a test which verifies that when session duration is modified, creation time is also updated
2012-04-18 12:37:15 -06:00
67c2ceeaea
add many new tests for session.setDuration()
2012-03-14 12:51:26 -06:00
ee2e6e4b30
implement setDuration
2012-03-13 13:08:07 -06:00
f0a6fd6efc
add a test of .setDuration() - clean up whitespace in tests
2012-03-13 12:40:14 -06:00
69a09abe2b
updated cookies version to respect req.connection.proxySecure, added tests for this, updated structure tobe more node'ish.
2012-01-04 19:18:12 -08:00
40b0cb2306
restructured tests to reduce crazy concurrency, also no sharing of express apps between tobis, tobis tend to be jealous, and added check that only single cookie is set, fixed bug where reset() was setting cookie
2011-12-30 12:25:01 -08:00
fcb4c9f643
added tests for duration, failing on vows right now
2011-12-30 10:52:57 -08:00
7512033304
Added test for duration, failing appropriately
2011-12-30 10:22:30 -08:00
758114240c
simplified API to just use .reset(), added tests and implemented. No duration support yet.
2011-12-30 09:49:27 -08:00
eaaac62165
added httponly true by default, updated readme
2011-12-30 08:40:36 -08:00
e907048f11
Added test for key enumeration, currently failing
2011-12-29 17:01:43 -08:00
4bf66f40bb
fixed maxage support, added tests
2011-12-29 16:19:44 -08:00
fa843f5007
ensure that deleting a key does the right thing
2011-12-29 16:09:37 -08:00
92e5121e08
session is now properly saved across requests and issues a set-cookie only when necessary
2011-12-29 12:33:07 -08:00
bc2d47077f
added tests and started code for session state, you know, the whole point of sessions
2011-12-29 09:33:16 -08:00
20101dc557
make sure to bind target methods to the target itself in the proxy, add test for session.clear()
2011-12-28 22:04:53 -08:00
caca8a9454
started putting together basic components, specifically proxies to get the session object to behave properly
2011-12-28 21:58:19 -08:00
Thomas Schmitt
Sean McArthur
busticated
John Firebaugh
Jeremy Stashewsky
Francois Marier
David Benjamin
Lloyd Hilaiel
Austin King
Trygve Lie
Roman Khmelichek
Ben Adida