Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement
Sign In

client-sessions

Package Overview
Dependencies
Maintainers
3
Versions
19
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

client-sessions - npm Package Compare versions

Comparing version
0.6.0
 to
0.7.0
+34
-6
lib/client-sessions.js

@@ -266,12 +266,31 @@ /* This Source Code Form is subject to the terms of the Mozilla Public

var iv = base64urldecode(components[0]);
var ciphertext = base64urldecode(components[1]);
var iv;
var ciphertext;
var hmac;
try {
iv = base64urldecode(components[0]);
ciphertext = base64urldecode(components[1]);
hmac = base64urldecode(components[4]);
} catch (ignored) {
cleanup();
return;
}
var createdAt = parseInt(components[2], 10);
var duration = parseInt(components[3], 10);
var hmac = base64urldecode(components[4]);
function cleanup() {
zeroBuffer(iv);
zeroBuffer(ciphertext);
zeroBuffer(hmac);
if (iv) {
zeroBuffer(iv);
}
if (ciphertext) {
zeroBuffer(ciphertext);
}
if (hmac) {
zeroBuffer(hmac);
}
if (expectedHmac) { // declared below

@@ -406,2 +425,7 @@ zeroBuffer(expectedHmac);

// alias for `reset` function for compatibility
destroy: function(){
this.reset();
},
setDuration: function(newDuration, ephemeral) {

@@ -508,2 +532,6 @@ if (ephemeral && this.opts.cookie.maxAge) {

});
Object.defineProperty(value, 'destroy', {
enumerable: false,
value: this.destroy.bind(this)
});
Object.defineProperty(value, 'setDuration', {

@@ -510,0 +538,0 @@ enumerable: false,

+2
-2
package.json
{
"name" : "client-sessions",
"version" : "0.6.0",
"version" : "0.7.0",
"description" : "secure sessions stored in cookies",

@@ -11,3 +11,3 @@ "main" : "lib/client-sessions",

"dependencies" : {
"cookies" : "0.3.8"
"cookies" : "0.5.0"
},

@@ -14,0 +14,0 @@ "devDependencies": {

+1
-1
README.md

@@ -46,3 +46,3 @@ [![build status](https://secure.travis-ci.org/mozilla/node-client-sessions.png)](http://travis-ci.org/mozilla/node-client-sessions)

httpOnly: true, // when true, cookie is not accessible from javascript
secure: false // when true, cookie will only be sent over SSL
secure: false // when true, cookie will only be sent over SSL. use key 'secureProxy' instead if you handle SSL not in your node process
}

@@ -49,0 +49,0 @@ }));

+7
-0
test/all-test.js

@@ -866,2 +866,9 @@ // a NODE_ENV of test will supress console output to stderr which

assert.isUndefined(decodedFake);
},
"decode - invalid input" : function(err, req){
var notEnoughComponents = 'LVB3G2lnPF75RzsT9mz7jQ.RT1Lcq0dOJ_DMRHyWJ4NZPjBXr2WzkFcUC4NO78gbCQ.1371704898483.5000';
assert.isUndefined(cookieSessions.util.decode({cookieName: 'session', secret: 'yo'}, notEnoughComponents));
var invalidBase64 = 'LVB3G2lnPF75RzsT9mz7jQ.RT1Lcq0dOJ_DMRHyWJ4NZPjBXr2WzkFcUC4NO78gb.1371704898483.5000.ILEusgnajT1sqCWLuzaUt-HFn2KPjYNd38DhI7aRCb9';
assert.isUndefined(cookieSessions.util.decode({cookieName: 'session', secret: 'yo'}, invalidBase64));
}

@@ -868,0 +875,0 @@ }

ChangeLog

Sorry, the diff of this file is not supported yet