public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SessionStore: Improve cookie expiration check 

* Don't mutate `sess.cookie.expires`.
  * Allow `sess.cookie` to be nullish.
  * Always compare `Date` objects.
pull/5348/head
Richard Hansen 2021-12-19 03:31:34 -05:00
parent 928c598ecf
commit 4d498725c7
2 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/node/db/SessionStore.js
View File

@ -11,12 +11,8 @@ class SessionStore extends Store {
async _get(sid) { async _get(sid) {
logger.debug(`GET ${sid}`); logger.debug(`GET ${sid}`);
const s = await DB.get(`sessionstorage:${sid}`); const s = await DB.get(`sessionstorage:${sid}`);
if (!s) return; const {cookie: {expires} = {}} = s || {};
if (typeof s.cookie.expires === 'string') s.cookie.expires = new Date(s.cookie.expires); if (expires && new Date() >= new Date(expires)) return await this._destroy(sid);
if (s.cookie.expires && new Date() >= s.cookie.expires) {
await this._destroy(sid);
return;
}
return s; return s;
} }

6
src/tests/backend/specs/SessionStore.js
View File

@ -36,7 +36,7 @@ describe(__filename, function () {
}); });
it('set of non-expiring session', async function () { it('set of non-expiring session', async function () {
const sess = {foo: 'bar', baz: {asdf: 'jkl;'}, cookie: {}}; const sess = {foo: 'bar', baz: {asdf: 'jkl;'}};
await set(sess); await set(sess);
assert.equal(JSON.stringify(await db.get(`sessionstorage:${sid}`)), JSON.stringify(sess)); assert.equal(JSON.stringify(await db.get(`sessionstorage:${sid}`)), JSON.stringify(sess));
}); });
@ -54,13 +54,13 @@ describe(__filename, function () {
}); });
it('set+get round trip', async function () { it('set+get round trip', async function () {
const sess = {foo: 'bar', baz: {asdf: 'jkl;'}, cookie: {}}; const sess = {foo: 'bar', baz: {asdf: 'jkl;'}};
await set(sess); await set(sess);
assert.equal(JSON.stringify(await get()), JSON.stringify(sess)); assert.equal(JSON.stringify(await get()), JSON.stringify(sess));
}); });
it('get of record from previous run (no expiration)', async function () { it('get of record from previous run (no expiration)', async function () {
const sess = {foo: 'bar', baz: {asdf: 'jkl;'}, cookie: {}}; const sess = {foo: 'bar', baz: {asdf: 'jkl;'}};
await db.set(`sessionstorage:${sid}`, sess); await db.set(`sessionstorage:${sid}`, sess);
assert.equal(JSON.stringify(await get()), JSON.stringify(sess)); assert.equal(JSON.stringify(await get()), JSON.stringify(sess));
}); });