public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SessionStore: Improve cookie expiration check 

* Don't mutate `sess.cookie.expires`.
  * Allow `sess.cookie` to be nullish.
  * Always compare `Date` objects.
pull/5348/head
Richard Hansen 2021-12-19 03:31:34 -05:00
parent 928c598ecf
commit 4d498725c7
2 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/node/db/SessionStore.js
View File

@ -11,12 +11,8 @@ class SessionStore extends Store {
async _get(sid) {
logger.debug(`GET ${sid}`);
const s = await DB.get(`sessionstorage:${sid}`);
if (!s) return;
if (typeof s.cookie.expires === 'string') s.cookie.expires = new Date(s.cookie.expires);
if (s.cookie.expires && new Date() >= s.cookie.expires) {
await this._destroy(sid);
return;
}
const {cookie: {expires} = {}} = s || {};
if (expires && new Date() >= new Date(expires)) return await this._destroy(sid);
return s;
}

6
src/tests/backend/specs/SessionStore.js
View File

@ -36,7 +36,7 @@ describe(__filename, function () {
});
it('set of non-expiring session', async function () {
const sess = {foo: 'bar', baz: {asdf: 'jkl;'}, cookie: {}};
const sess = {foo: 'bar', baz: {asdf: 'jkl;'}};
await set(sess);
assert.equal(JSON.stringify(await db.get(`sessionstorage:${sid}`)), JSON.stringify(sess));
});
@ -54,13 +54,13 @@ describe(__filename, function () {
});
it('set+get round trip', async function () {
const sess = {foo: 'bar', baz: {asdf: 'jkl;'}, cookie: {}};
const sess = {foo: 'bar', baz: {asdf: 'jkl;'}};
await set(sess);
assert.equal(JSON.stringify(await get()), JSON.stringify(sess));
});
it('get of record from previous run (no expiration)', async function () {
const sess = {foo: 'bar', baz: {asdf: 'jkl;'}, cookie: {}};
const sess = {foo: 'bar', baz: {asdf: 'jkl;'}};
await db.set(`sessionstorage:${sid}`, sess);
assert.equal(JSON.stringify(await get()), JSON.stringify(sess));
});