orator-session - npm Package Compare versions

Comparing version 1.0.21 to 1.0.22

package.json

 {
   "name": "orator-session",
-  "version": "1.0.21",
+  "version": "1.0.22",
   "description": "Session state and authentication manager for Orator Restful web API server.",
@@ -5,0 +5,0 @@ "main": "source/Orator-Session.js",

source/Orator-Session.js

@@ -238,2 +238,4 @@ /**
 
+			var tmpCookieDomain = getWildcardCookieDomain(pRequest);
+
 			libSessionStore.get(tmpSessionID,
@@ -250,3 +252,3 @@ function(pError, pData)
 								pRequest[_Settings.SessionCookieName] = tmpNewSessionData;
-								pResponse.setCookie(_Settings.SessionCookieName,tmpNewSessionData.SessionID, {path: '/', maxAge: _Settings.SessionTimeout, httpOnly: true });
+								pResponse.setCookie(_Settings.SessionCookieName,tmpNewSessionData.SessionID, {path: '/', maxAge: _Settings.SessionTimeout, httpOnly: true, domain: tmpCookieDomain });
 								return fNext();
@@ -266,3 +268,3 @@ }
 									pRequest[_Settings.SessionCookieName] = tmpNewSessionData;
-									pResponse.setCookie(_Settings.SessionCookieName,tmpNewSessionData.SessionID, {path: '/', maxAge: _Settings.SessionTimeout, httpOnly: true });
+									pResponse.setCookie(_Settings.SessionCookieName,tmpNewSessionData.SessionID, {path: '/', maxAge: _Settings.SessionTimeout, httpOnly: true, domain: tmpCookieDomain });
 									return fNext();
@@ -280,3 +282,3 @@ }
 									pRequest[_Settings.SessionCookieName] = tmpNewSessionData;
-									pResponse.setCookie(_Settings.SessionCookieName,tmpNewSessionData.SessionID, {path: '/', maxAge: _Settings.SessionTimeout, httpOnly: true });
+									pResponse.setCookie(_Settings.SessionCookieName,tmpNewSessionData.SessionID, {path: '/', maxAge: _Settings.SessionTimeout, httpOnly: true, domain: tmpCookieDomain });
 									return fNext();
@@ -505,2 +507,51 @@ }
 
+		/**
+		 * Get the public-facing server domain name
+		 *
+		 * @method getServerHostDomain
+		 */
+		var getServerHostDomain = function(pRequest)
+		{
+			if (!pRequest ||
+				!pRequest.headers)
+			{
+				_Log.warn('getServerHostDomain -- request object missing headers!');
+				return false;
+			}
+			
+			var tmpHostDomain = '';
+			if (pRequest.headers['origin']) //some reverse proxies will give us this header
+			{
+				tmpHostDomain = pRequest.headers['origin'].replace('http://', '').replace('https://', '');
+			}
+			else
+			{
+				tmpHostDomain = pRequest.headers.host;
+			}
+
+			return tmpHostDomain;
+		}
+
+		/**
+		 * If the domain is >3 tiers, then return a wildcard for 4th tier and beyond (default for shared auth with microservices architecture)
+		 * e.g. myapp.mainapp.company.com -> *.mainapp.company.com
+		 *
+		 * @method getCookieDomain
+		 */
+		var getWildcardCookieDomain = function(pRequest)
+		{
+			var tmpHostDomain = getServerHostDomain(pRequest);
+
+			var domainParts = tmpHostDomain.split('.');
+			if (domainParts.length > 3)
+			{
+				return '*.' + domainParts[domainParts.length-3] + '.' + domainParts[domainParts.length-2] + '.' + domainParts[domainParts.length-1];
+			}
+			else
+			{
+				//else don't use wildcards
+				return null;
+			}
+		}
+
 		//TODO: make this extensible
@@ -507,0 +558,0 @@ var formatUserPacketFromRecord = function(pUserRecord)

No alert changes

Improved metrics

Total package byte prevSize

40780

increased by3.52%

Lines of code

1380

increased by3.37%

No dependency changes