From 8a0ac33d847e5b648802422e7fab672b131c2f4b Mon Sep 17 00:00:00 2001 From: Jens Himmelreich Date: Wed, 17 Aug 2011 14:46:19 +0200 Subject: [PATCH 1/8] Cookie-Headers setted by response.setHeader, won't be overwritten --- lib/cookie-sessions.js | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/lib/cookie-sessions.js b/lib/cookie-sessions.js index bc14262..0e00edc 100644 --- a/lib/cookie-sessions.js +++ b/lib/cookie-sessions.js @@ -67,6 +67,11 @@ var exports = module.exports = function(settings){ headers = exports.headersToArray(headers); headers.push(['Set-Cookie', cookiestr]); } + // Some Headers are written via response.setHeader and will + // be lost, if only explicit setHead-Calls are rewritten + else if (res.getHeader('Set-Cookie') !== undefined) { + setSessionCookieHeader(cookiestr, res); + } // if no Set-Cookie header exists, leave the headers as an // object, and add a Set-Cookie property else { @@ -95,6 +100,16 @@ exports.headersToArray = function(headers){ }, []); }; +function setSessionCookieHeader(cookiestr, response) { + var newCookieHeader, oldCookieHeader; + oldCookieHeader = response.getHeader('Set-Cookie'); + if (Array.isArray(oldCookieHeader)) { + newCookieHeader = oldCookieHeader.concat(cookiestr); + } else { + newCookieHeader = [oldCookieHeader, cookiestr]; + } + response.setHeader('Set-Cookie', newCookieHeader); +} // Extend a given object with all the properties in passed-in object(s). // From underscore.js (http://documentcloud.github.com/underscore/) From c9d780bc7e4678c23c63666e4b0d2c6cc9c0cc48 Mon Sep 17 00:00:00 2001 From: Jens Himmelreich Date: Fri, 7 Oct 2011 12:04:35 +0200 Subject: [PATCH 2/8] Neue Paketinformation --- package.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package.json b/package.json index 4b4202d..181b28d 100644 --- a/package.json +++ b/package.json 
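Review bot: The new `else if` is only reached when the headers passed to writeHead are a plain object without a `Set-Cookie` key, so cookies set earlier via `res.setHeader` are still not merged in the array branch or in the `headers['Set-Cookie'] !== undefined` branch above it. If Node gives explicit writeHead headers precedence over setHeader values (not visible here, worth confirming with a test), those earlier cookies are still dropped on both paths. Consider reading `res.getHeader('Set-Cookie')` once before the branch chain and folding it in on every path. The comment also says `setHead-Calls`, where `writeHead calls` is presumably meant. The enclosing writeHead wrapper starts and ends outside the hunk.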
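Review bot: `setSessionCookieHeader` assumes a `Set-Cookie` header already exists: called without one, the `else` branch would store `[undefined, cookiestr]`. The only caller in this patch checks first, but the helper has no comment stating that precondition. Either document it or make the helper self-contained with `newCookieHeader = oldCookieHeader === undefined ? [cookiestr] : [].concat(oldCookieHeader, cookiestr);`. A blank line before the following `// Extend a given object` comment would keep the two definitions visually apart.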
@@ -1,13 +1,13 @@ { "name": "cookie-sessions" , "description": "Secure cookie-based session middleware for Connect" , "main": "./index" -, "author": "Caolan McMahon" -, "version": "0.0.2" +, "author": "Original Author: Caolan McMahon" +, "version": "0.0.2.1" , "repository" : { "type" : "git" - , "url" : "http://github.com/caolan/cookie-sessions.git" + , "url" : "http://github.com/jenshimmelreich/cookie-sessions.git" } -, "bugs" : { "web" : "http://github.com/caolan/cookie-sessions/issues" } +, "bugs" : { "web" : "http://github.com/jenshimmelreich/cookie-sessions/issues" } , "licenses" : [ { "type" : "MIT" , "url" : "http://github.com/caolan/cookie-sessions/raw/master/LICENSE" From 56df9d70199c492142d75938287d0ea2d19af13f Mon Sep 17 00:00:00 2001 From: Jens Himmelreich Date: Fri, 7 Oct 2011 13:52:06 +0200 Subject: [PATCH 3/8] Version zurueckgesetzt --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 181b28d..52082b2 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ , "description": "Secure cookie-based session middleware for Connect" , "main": "./index" , "author": "Original Author: Caolan McMahon" -, "version": "0.0.2.1" +, "version": "0.0.2" , "repository" : { "type" : "git" , "url" : "http://github.com/jenshimmelreich/cookie-sessions.git" From 8c5d66983b37e600b88205f089469210824efa31 Mon Sep 17 00:00:00 2001 From: Jens Himmelreich Date: Fri, 7 Oct 2011 13:56:03 +0200 Subject: [PATCH 4/8] Version hochgesetzt --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 52082b2..1ffb995 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ , "description": "Secure cookie-based session middleware for Connect" , "main": "./index" , "author": "Original Author: Caolan McMahon" -, "version": "0.0.2" +, "version": "0.0.3" , "repository" : { "type" : "git" , "url" : "http://github.com/jenshimmelreich/cookie-sessions.git" 
From 9802742f4efb885d27a49d72fea8587147ee8353 Mon Sep 17 00:00:00 2001 From: Jens Himmelreich Date: Fri, 7 Oct 2011 14:03:59 +0200 Subject: [PATCH 5/8] Version zurueckgesetzt --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 1ffb995..52082b2 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ , "description": "Secure cookie-based session middleware for Connect" , "main": "./index" , "author": "Original Author: Caolan McMahon" -, "version": "0.0.3" +, "version": "0.0.2" , "repository" : { "type" : "git" , "url" : "http://github.com/jenshimmelreich/cookie-sessions.git" From 5014abc65a56765d490529f29db182869cc78954 Mon Sep 17 00:00:00 2001 From: Jens Himmelreich Date: Mon, 17 Oct 2011 15:36:08 +0200 Subject: [PATCH 6/8] Erster Versuch das Handling an das express/session-Modul anzupassen --- lib/cookie-sessions.js | 111 ++++++++++++----------------------------- 1 file changed, 31 insertions(+), 80 deletions(-) diff --git a/lib/cookie-sessions.js b/lib/cookie-sessions.js index 0e00edc..b30d97b 100644 --- a/lib/cookie-sessions.js +++ b/lib/cookie-sessions.js 
@@ -26,91 +26,35 @@ var exports = module.exports = function(settings){ req.session = exports.readSession( s.session_key, s.secret, s.timeout, req); - // proxy writeHead to add cookie to response - var _writeHead = res.writeHead; - res.writeHead = function(statusCode){ - - var reasonPhrase, headers; - if (typeof arguments[1] === 'string') { - reasonPhrase = arguments[1]; - headers = arguments[2] || {}; - } - else { - headers = arguments[1] || {}; - } - - // Add a Set-Cookie header to all responses with the session data - // and the current timestamp. The cookie needs to be set on every - // response so that the timestamp is up to date, and the session - // does not expire unless the user is inactive. - - var cookiestr; - if (req.session === undefined) { - if ("cookie" in req.headers) { - cookiestr = escape(s.session_key) + '=' - + '; expires=' + exports.expires(0) - + '; path=' + s.path + '; HttpOnly'; - } - } else { - cookiestr = escape(s.session_key) + '=' - + escape(exports.serialize(s.secret, req.session)) - + '; expires=' + exports.expires(s.timeout) - + '; path=' + s.path + '; HttpOnly'; - } - - if (cookiestr !== undefined) { - if(Array.isArray(headers)) headers.push(['Set-Cookie', cookiestr]); - else { - // if a Set-Cookie header already exists, convert headers to - // array so we can send multiple Set-Cookie headers. 
- if(headers['Set-Cookie'] !== undefined){ - headers = exports.headersToArray(headers); - headers.push(['Set-Cookie', cookiestr]); - } - // Some Headers are written via response.setHeader and will - // be lost, if only explicit setHead-Calls are rewritten - else if (res.getHeader('Set-Cookie') !== undefined) { - setSessionCookieHeader(cookiestr, res); - } - // if no Set-Cookie header exists, leave the headers as an - // object, and add a Set-Cookie property - else { - headers['Set-Cookie'] = cookiestr; - } - } - } - - var args = [statusCode, reasonPhrase, headers]; - if (!args[1]) { - args.splice(1, 1); - } - // call the original writeHead on the request - return _writeHead.apply(res, args); - } + var writeHead = res.writeHead; + res.writeHead = function(status, headers){ + // TODO: In the old version a session-cookie will be set on every request. + // It has to be checked whether this is useful or not. + if (req.session) { + res.setHeader('Set-Cookie', buildCookieStr(s, req.session)); + } + + res.writeHead = writeHead; + return res.writeHead(status, headers); + }; + + // TODO: This is from connect/session, which works fine with other SessionStores. + // It has to be checked whether this us useful in out circumstance. 
+ var end = res.end; + res.end = function(data, encoding) { + res.end = end; + // HACK: ensure Set-Cookie for implicit writeHead() + if (req.session && !res._header) { + res._implicitHeader(); + } + res.end(data, encoding); + }; + next(); }; }; -exports.headersToArray = function(headers){ - if(Array.isArray(headers)) return headers; - return Object.keys(headers).reduce(function(arr, k){ - arr.push([k, headers[k]]); - return arr; - }, []); -}; - -function setSessionCookieHeader(cookiestr, response) { - var newCookieHeader, oldCookieHeader; - oldCookieHeader = response.getHeader('Set-Cookie'); - if (Array.isArray(oldCookieHeader)) { - newCookieHeader = oldCookieHeader.concat(cookiestr); - } else { - newCookieHeader = [oldCookieHeader, cookiestr]; - } - response.setHeader('Set-Cookie', newCookieHeader); -} - // Extend a given object with all the properties in passed-in object(s). // From underscore.js (http://documentcloud.github.com/underscore/) function extend(obj) { @@ -120,6 +64,13 @@ function extend(obj) { return obj; }; +function buildCookieStr(settings, session) { + return escape(settings.session_key) + '=' + + escape(exports.serialize(settings.secret, session)) + + '; expires=' + exports.expires(settings.timeout) + + '; path=' + settings.path + '; HttpOnly'; +}; + exports.deserialize = function(secret, timeout, str){ // Parses a secure cookie string, returning the object stored within it. // Throws an exception if the secure cookie string does not validate. From 60f90628d1635c86e7d65e60a6996cfd12712470 Mon Sep 17 00:00:00 2001 From: Jens Himmelreich Date: Tue, 1 Nov 2011 09:58:50 +0100 Subject: [PATCH 7/8] timestamp fuer session --- lib/cookie-sessions.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/cookie-sessions.js b/lib/cookie-sessions.js index b30d97b..d1acec9 100644 --- a/lib/cookie-sessions.js +++ b/lib/cookie-sessions.js 
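Review bot: The rewritten `res.writeHead` wrapper no longer sends the expiring cookie that the removed code emitted when `req.session === undefined` and the request carried a cookie, so clearing the session on the server leaves the old, presumably still-valid, session cookie in the browser until it times out. In the same wrapper `res.setHeader('Set-Cookie', ...)` replaces any cookies set earlier through `setHeader`, which undoes the earlier fix in this series, and the `(status, headers)` signature loses the headers argument when a caller uses `writeHead(status, reasonPhrase, headers)`. A version that keeps the clearing branch, appends to the existing header and forwards all arguments is sketched below. The `res.end` wrapper depends on the private `res._header` and `res._implicitHeader()`, which deserves a comment naming the Node versions it was checked against.

```javascript
var writeHead = res.writeHead;
res.writeHead = function(status){
    var cookiestr;
    if (req.session !== undefined) {
        cookiestr = buildCookieStr(s, req.session);
    } else if ('cookie' in req.headers) {
        // expire the client's cookie so a cleared session does not stay usable
        cookiestr = escape(s.session_key) + '='
            + '; expires=' + exports.expires(0)
            + '; path=' + s.path + '; HttpOnly';
    }
    if (cookiestr !== undefined) {
        // append instead of replace, so cookies set earlier via setHeader survive
        var existing = res.getHeader('Set-Cookie');
        res.setHeader('Set-Cookie',
            existing === undefined ? cookiestr : [].concat(existing, cookiestr));
    }
    res.writeHead = writeHead;
    // forward every argument so writeHead(status, reasonPhrase, headers) keeps working
    return res.writeHead.apply(res, arguments);
};
// … unchanged: res.end wrapper and next() …
```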
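Review bot: `buildCookieStr` emits the session cookie with `HttpOnly` but without a `Secure` attribute, so on a site reachable over plain HTTP the cookie travels unencrypted and can be replayed by anyone who observes it. An opt-in setting would fix that without changing existing deployments, e.g. `+ (settings.secure ? '; Secure' : '')` appended to the returned string (`settings.secure` is a proposed name, not an option visible in this code). `settings.path` is concatenated unescaped, which is fine only as long as it comes from trusted configuration; a one-line comment saying so would help. The `};` after the function declaration is a stray empty statement.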
@@ -79,7 +79,10 @@ exports.deserialize = function(secret, timeout, str){ throw new Error('invalid cookie'); } var data = exports.decrypt(secret, exports.split(str).data_blob); - return JSON.parse(data); + var timestamp = exports.split(str).timestamp; + var json = JSON.parse(data); + json.timestamp = timestamp; + return json; }; exports.serialize = function(secret, data){ From f86c52eb16d7399b02c3fbd8f9af439f18e6154b Mon Sep 17 00:00:00 2001 From: Jens Himmelreich Date: Tue, 22 Nov 2011 08:50:08 +0100 Subject: [PATCH 8/8] package.json mit neuer Syntax --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 52082b2..bf2b8d2 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,7 @@ { "type" : "git" , "url" : "http://github.com/jenshimmelreich/cookie-sessions.git" } -, "bugs" : { "web" : "http://github.com/jenshimmelreich/cookie-sessions/issues" } +, "bugs" : { "url" : "http://github.com/jenshimmelreich/cookie-sessions/issues" } , "licenses" : [ { "type" : "MIT" , "url" : "http://github.com/caolan/cookie-sessions/raw/master/LICENSE"
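Review bot: `json.timestamp = timestamp` writes into the session object itself, so it silently overwrites any application value stored under `timestamp`, throws a TypeError when the decrypted payload is JSON `null`, and is presumably serialized back into the data blob on the next response because the writeHead wrapper serializes `req.session`. Whether the timestamp field is covered by the integrity check that precedes `throw new Error('invalid cookie')` is not visible in this hunk; if it is not, the exposed value is client-controlled and callers should not trust it. `exports.split(str)` is also called twice; `var parts = exports.split(str);` followed by `parts.data_blob` and `parts.timestamp` parses the cookie once. The body of `exports.deserialize` starts outside the hunk.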