From eb3210097b41334ac738d72ad9d607ce8b11223a Mon Sep 17 00:00:00 2001
From: Matiss Kiris <matiss1@gmail.com>
Date: Sun, 9 Sep 2012 19:45:50 +0100
Subject: [PATCH 1/2] Can set session-only cookies

---
 lib/cookie-sessions.js | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/lib/cookie-sessions.js b/lib/cookie-sessions.js
index 477a388..bd681d9 100644
--- a/lib/cookie-sessions.js
+++ b/lib/cookie-sessions.js
@@ -157,10 +157,13 @@ exports.valid = function(secret, timeout, str){
     var hmac_sig = exports.hmac_signature(
         secret, parts.timestamp, parts.data_blob
     );
-    return (
-        parts.hmac_signature === hmac_sig &&
-        parts.timestamp + timeout > new Date().getTime()
-    );
+
+    var validatedTimeout = true;
+    if(timeout){
+        validatedTimeout = parts.timestamp + timeout > new Date().getTime();
+    }
+
+    return (parts.hmac_signature === hmac_sig && validatedTimeout);
 };
 
 exports.decrypt = function(secret, str){
@@ -215,5 +218,8 @@ exports.readSession = function(key, secret, timeout, req){
 
 
 exports.expires = function(timeout){
-    return (new Date(new Date().getTime() + (timeout))).toUTCString();
+    if(timeout){
+        return (new Date(new Date().getTime() + (timeout))).toUTCString();
+    }
+    return null;
 };

From 87a8d9bff068c8adb1b144aa7b83d2ae4a4e8127 Mon Sep 17 00:00:00 2001
From: Matiss Kiris <matiss1@gmail.com>
Date: Sun, 9 Sep 2012 19:51:23 +0100
Subject: [PATCH 2/2] Always return seesion as Hash

---
 lib/cookie-sessions.js       | 2 +-
 test/test-cookie-sessions.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/cookie-sessions.js b/lib/cookie-sessions.js
index bd681d9..ad2a97a 100644
--- a/lib/cookie-sessions.js
+++ b/lib/cookie-sessions.js
@@ -213,7 +213,7 @@ exports.readSession = function(key, secret, timeout, req){
     if(cookies[key]){
         return exports.deserialize(secret, timeout, cookies[key]);
     }
-    return undefined;
+    return {};
 };
 
 
diff --git a/test/test-cookie-sessions.js b/test/test-cookie-sessions.js
index e05026c..8524d97 100644
--- a/test/test-cookie-sessions.js
+++ b/test/test-cookie-sessions.js
@@ -305,7 +305,7 @@ exports['readSession no cookie'] = function(test){
     var r = sessions.readSession(
         'node_session', 'secret', 12, 'request_obj'
     );
-    test.same(r, undefined, 'return empty session');
+    test.same(r, {}, 'return empty session');
 
     // restore copied functions
     sessions.readCookies = readCookies;