From b991948e21f436e581e009b57049d599af86b369 Mon Sep 17 00:00:00 2001 From: Richard Hansen Date: Mon, 17 Jan 2022 17:27:23 -0500 Subject: [PATCH] SessionStore: Don't write DB record if already expired --- src/node/db/SessionStore.js | 13 +++++++++---- src/tests/backend/specs/SessionStore.js | 7 +++++++ 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/node/db/SessionStore.js b/src/node/db/SessionStore.js index 82fcdb771..ec54d8f8c 100644 --- a/src/node/db/SessionStore.js +++ b/src/node/db/SessionStore.js @@ -8,17 +8,22 @@ const util = require('util'); const logger = log4js.getLogger('SessionStore'); class SessionStore extends Store { + async _checkExpiration(sid, sess) { + const {cookie: {expires} = {}} = sess || {}; + if (expires && new Date() >= new Date(expires)) return await this._destroy(sid); + return sess; + } + async _get(sid) { logger.debug(`GET ${sid}`); const s = await DB.get(`sessionstorage:${sid}`); - const {cookie: {expires} = {}} = s || {}; - if (expires && new Date() >= new Date(expires)) return await this._destroy(sid); - return s; + return await this._checkExpiration(sid, s); } async _set(sid, sess) { logger.debug(`SET ${sid}`); - await DB.set(`sessionstorage:${sid}`, sess); + sess = await this._checkExpiration(sid, sess); + if (sess != null) await DB.set(`sessionstorage:${sid}`, sess); } async _destroy(sid) { diff --git a/src/tests/backend/specs/SessionStore.js b/src/tests/backend/specs/SessionStore.js index 8723ffe07..7849f3529 100644 --- a/src/tests/backend/specs/SessionStore.js +++ b/src/tests/backend/specs/SessionStore.js @@ -46,6 +46,13 @@ describe(__filename, function () { await set(sess); assert.equal(JSON.stringify(await db.get(`sessionstorage:${sid}`)), JSON.stringify(sess)); }); + + it('set of already expired session', async function () { + const sess = {foo: 'bar', cookie: {expires: new Date(1)}}; + await set(sess); + // No record should have been created. + assert(await db.get(`sessionstorage:${sid}`) == null); + }); }); describe('get', function () {