
cookie-session - npm Package Compare versions

Comparing version 2.0.0-beta.3 to 2.0.0-rc.1

39

HISTORY.md

@@ -0,1 +1,20 @@

2.0.0-rc.1 / 2020-01-23
=======================
* Remove private `req.session.save()`
* Remove undocumented `req.session.length` to free up key name
* Remove undocumented `req.sessionCookies` and `req.sessionKey`
* deps: cookies@0.8.0
- Fix check for default `secure` option behavior
- Fix `maxAge` option preventing cookie deletion
- Support `"none"` in `sameSite` option
- deps: depd@~2.0.0
- deps: keygrip@~1.1.0
- perf: remove argument reassignment
* deps: debug@3.2.6
* deps: on-headers@~1.0.2
- Fix `res.writeHead` patch missing return value
* deps: safe-buffer@5.2.0
* perf: remove internal reference to request from session object
2.0.0-beta.3 / 2017-10-13

@@ -68,2 +87,22 @@ =========================

1.4.0 / 2020-01-06
==================
* deps: cookies@0.8.0
- Fix check for default `secure` option behavior
- Fix `maxAge` option preventing cookie deletion
- Support `"none"` in `sameSite` option
- deps: depd@~2.0.0
- deps: keygrip@~1.1.0
1.3.3 / 2019-02-28
==================
* deps: cookies@0.7.3
- deps: depd@~1.1.2
- deps: keygrip@~1.0.3
- perf: remove argument reassignment
* deps: on-headers@~1.0.2
- Fix `res.writeHead` patch missing return value
1.3.2 / 2017-09-24

@@ -70,0 +109,0 @@ ==================

88

index.js

@@ -66,6 +66,4 @@ /*!

// to pass to Session()
req.sessionCookies = cookies
// for overriding
req.sessionOptions = Object.create(opts)
req.sessionKey = name

@@ -91,4 +89,10 @@ // define req.session getter / setter

// get or create session
return (sess = tryGetSession(req) || createSession(req))
// get session
if ((sess = tryGetSession(cookies, name, req.sessionOptions))) {
return sess
}
// create session
debug('new session')
return (sess = Session.create())
}

@@ -105,3 +109,3 @@

// create a new session
sess = Session.create(this, val)
sess = Session.create(val)
return sess

@@ -122,6 +126,8 @@ }

// remove
debug('remove %s', name)
cookies.set(name, '', req.sessionOptions)
} else if ((!sess.isNew || sess.isPopulated) && sess.isChanged) {
// save populated or non-new changed session
sess.save()
debug('save %s', name)
cookies.set(name, Session.serialize(sess), req.sessionOptions)
}

@@ -162,4 +168,4 @@ } catch (e) {

Session.create = function create (req, obj) {
var ctx = new SessionContext(req)
Session.create = function create (obj) {
var ctx = new SessionContext()
return new Session(ctx, obj)

@@ -173,4 +179,4 @@ }

Session.deserialize = function deserialize (req, str) {
var ctx = new SessionContext(req)
Session.deserialize = function deserialize (str) {
var ctx = new SessionContext()
var obj = decode(str)

@@ -220,16 +226,2 @@

/**
* Return how many values there are in the session object.
* Used to see if it's "populated".
*
* @return {Number}
* @public
*/
Object.defineProperty(Session.prototype, 'length', {
get: function getLength () {
return Object.keys(this).length
}
})
/**
* populated flag, which is just a boolean alias of .length.

@@ -243,3 +235,3 @@ *

get: function getIsPopulated () {
return Boolean(this.length)
return Object.keys(this).length > 0
}

@@ -249,28 +241,8 @@ })

/**
* Save session changes by performing a Set-Cookie.
* @private
*/
Session.prototype.save = function save () {
var ctx = this._ctx
var val = Session.serialize(this)
var cookies = ctx.req.sessionCookies
var name = ctx.req.sessionKey
var opts = ctx.req.sessionOptions
debug('save %s', val)
cookies.set(name, val, opts)
}
/**
* Session context to tie session to req.
* Session context to store metadata.
*
* @param {Request} req
* @private
*/
function SessionContext (req) {
this.req = req
function SessionContext () {
this._new = true

@@ -281,12 +253,2 @@ this._val = undefined

/**
* Create a new session.
* @private
*/
function createSession (req) {
debug('new session')
return Session.create(req)
}
/**
* Decode the base64 cookie value to an object.

@@ -318,11 +280,7 @@ *

/**
* Try getting a session from a request.
* Try getting a session from a cookie.
* @private
*/
function tryGetSession (req) {
var cookies = req.sessionCookies
var name = req.sessionKey
var opts = req.sessionOptions
function tryGetSession (cookies, name, opts) {
var str = cookies.get(name, opts)

@@ -337,3 +295,3 @@

try {
return Session.deserialize(req, str)
return Session.deserialize(str)
} catch (err) {

@@ -340,0 +298,0 @@ return undefined
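Review bot: The `catch (err)` in `tryGetSession` (hunk `@@ -337,3 +295,3 @@`) still appears to discard the decode error, since the next hunk header shows `return undefined` as its context, so a cookie that fails `Session.deserialize(str)` silently becomes a brand-new session through the getter's `Session.create()` fallback. Now that `name` is a parameter of `tryGetSession`, a line such as `debug('failed to decode %s cookie', name)` inside the catch would let operators notice malformed or mismatched cookies. Logging only the name keeps the cookie value out of debug output, which matches the new `debug('save %s', name)` on the write path. The catch body lies outside the hunk, so confirm it does not already log before adding this.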

{
"name": "cookie-session",
"description": "cookie session middleware",
"version": "2.0.0-beta.3",
"version": "2.0.0-rc.1",
"contributors": [

@@ -18,19 +18,19 @@ "Douglas Christopher Wilson <doug@somethingdoug.com>",

"dependencies": {
"cookies": "0.7.1",
"debug": "3.1.0",
"on-headers": "~1.0.1",
"safe-buffer": "5.1.1"
"cookies": "0.8.0",
"debug": "3.2.6",
"on-headers": "~1.0.2",
"safe-buffer": "5.2.0"
},
"devDependencies": {
"connect": "3.6.5",
"eslint": "3.19.0",
"eslint-config-standard": "10.2.1",
"eslint-plugin-import": "2.7.0",
"eslint-plugin-markdown": "1.0.0-beta.6",
"eslint-plugin-node": "5.2.0",
"eslint-plugin-promise": "3.5.0",
"eslint-plugin-standard": "3.0.1",
"mocha": "3.5.3",
"nyc": "10.3.2",
"supertest": "1.2.0"
"connect": "3.7.0",
"eslint": "6.8.0",
"eslint-config-standard": "14.1.0",
"eslint-plugin-import": "2.20.0",
"eslint-plugin-markdown": "1.0.1",
"eslint-plugin-node": "11.0.0",
"eslint-plugin-promise": "4.2.1",
"eslint-plugin-standard": "4.0.1",
"mocha": "7.0.0",
"nyc": "15.0.0",
"supertest": "4.0.2"
},

@@ -37,0 +37,0 @@ "files": [

# cookie-session
[![NPM Version][npm-image]][npm-url]
[![NPM Downloads][downloads-image]][downloads-url]
[![NPM Version][npm-version-image]][npm-url]
[![NPM Downloads][npm-downloads-image]][npm-url]
[![Build Status][travis-image]][travis-url]
[![Test Coverage][coveralls-image]][coveralls-url]
[![Gratipay][gratipay-image]][gratipay-url]

@@ -75,5 +74,7 @@ Simple cookie-based session middleware.

The list of keys to use to sign & verify cookie values. Set cookies are always
The list of keys to use to sign & verify cookie values, or a configured
[`Keygrip`](https://www.npmjs.com/package/keygrip) instance. Set cookies are always
signed with `keys[0]`, while the other keys are valid for verification, allowing
for key rotation.
for key rotation. If a `Keygrip` instance is provided, it can be used to
change signature parameters like the algorithm of the signature.

@@ -96,7 +97,7 @@ ##### secret

- `domain`: a string indicating the domain of the cookie (no default).
- `sameSite`: a boolean or string indicating whether the cookie is a "same site" cookie (`false` by default). This can be set to `'strict'`, `'lax'`, or `true` (which maps to `'strict'`).
- `sameSite`: a boolean or string indicating whether the cookie is a "same site" cookie (`false` by default). This can be set to `'strict'`, `'lax'`, `'none'`, or `true` (which maps to `'strict'`).
- `secure`: a boolean indicating whether the cookie is only to be sent over HTTPS (`false` by default for HTTP, `true` by default for HTTPS). If this is set to `true` and Node.js is not directly over a TLS connection, be sure to read how to [setup Express behind proxies](https://expressjs.com/en/guide/behind-proxies.html) or the cookie may not ever set correctly.
- `httpOnly`: a boolean indicating whether the cookie is only to be sent over HTTP(S), and not made available to client JavaScript (`true` by default).
- `signed`: a boolean indicating whether the cookie is to be signed (`true` by default). If this is true, another cookie of the same name with the `.sig` suffix appended will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of _cookie-name_=_cookie-value_ against the first [Keygrip](https://github.com/expressjs/keygrip) key. This signature key is used to detect tampering the next time a cookie is received.
- `overwrite`: a boolean indicating whether to overwrite previously set cookies of the same name (`true` by default). If this is true, all cookies set during the same request with the same name (regardless of path or domain) are filtered out of the Set-Cookie header when setting this cookie.
- `signed`: a boolean indicating whether the cookie is to be signed (`true` by default).
- `overwrite`: a boolean indicating whether to overwrite previously set cookies of the same name (`true` by default).

@@ -133,2 +134,10 @@ ### req.session

### Saving a session
Since the entire contents of the session is kept in a client-side cookie, the
session is "saved" by writing a cookie out in a `Set-Cookie` response header.
This is done automatically if there has been a change made to the session when
the Node.js response headers are being written to the client and the session
was not destroyed.
## Examples

@@ -215,2 +224,22 @@

### Using a custom signature algorithm
This example shows creating a custom `Keygrip` instance as the `keys` option
to provide keys and additional signature configuration.
```js
var cookieSession = require('cookie-session')
var express = require('express')
var Keygrip = require('keygrip')
var app = express()
app.use(cookieSession({
name: 'session',
keys: new Keygrip(['key1', 'key2'], 'SHA384', 'base64')
}))
// ... your logic here ...
```
## Usage Limitations

@@ -247,11 +276,8 @@

[npm-image]: https://img.shields.io/npm/v/cookie-session.svg
[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/cookie-session/master
[coveralls-url]: https://coveralls.io/r/expressjs/cookie-session?branch=master
[npm-downloads-image]: https://badgen.net/npm/dm/cookie-session
[npm-url]: https://npmjs.org/package/cookie-session
[travis-image]: https://img.shields.io/travis/expressjs/cookie-session/master.svg
[npm-version-image]: https://badgen.net/npm/v/cookie-session
[travis-image]: https://badgen.net/travis/expressjs/cookie-session/master
[travis-url]: https://travis-ci.org/expressjs/cookie-session
[coveralls-image]: https://img.shields.io/coveralls/expressjs/cookie-session.svg
[coveralls-url]: https://coveralls.io/r/expressjs/cookie-session?branch=master
[downloads-image]: https://img.shields.io/npm/dm/cookie-session.svg
[downloads-url]: https://npmjs.org/package/cookie-session
[gratipay-image]: https://img.shields.io/gratipay/dougwilson.svg
[gratipay-url]: https://www.gratipay.com/dougwilson/