node.js - Using cookieParser() and cookieSession() together? -


cookieparser() gives option of signing cookies secret sentence, great prevent tampering. understand cookie signed special value, prevent tampering.

i discovered cookiesession(), find great alternative server-stored cookies (i store { loggedin = true, userid=763487246824632}, never grows).

but... found setting "secret" cookieparser() breaks things, , cookiesession() stops working if secret sentence matches. reason seems if cookie signed using same secret, cookieparser() takes , parses it. strange thing once cookieparser() has done work, , with same signature secret, session set to:

{ cookie:     { path: '/',      _expires: null,      originalmaxage: null,      httponly: true } }

rather than:

{ testing: 'ooo' }

(each reload adds 'o') so...

  • did analysis right?
  • do know why session set strange { cookie object if secret sentences match?

merc.

your analysis correct, can reproduce it.

the issue caused this line in cookiesession middleware (some context: options.secret key passed cookiesession, req.secret key passed cookieparser): if pass both middleware secret key, cookiesession assumes find raw (unparsed) cookie in req.cookies.

but since cookieparser has picked signed cookie (and it's being run before cookiesession), has parsed cookie (and because signing keys same, succeeded so), stored in req.signedcookies and deleted req.cookies. far cookiesession concerned, cookie isn't set.

the object see default session contents (which cookie property cookiesession configuration):

app.use(express.cookiesession({   cookie : { // <-- object     ...   } });

as solution: either use different key each middleware, or pass 1 of them secret key, not both (with understanding if pass cookieparser, all cookies signed).

fwiw: i'm not entirely sure if real bug. it's consequence of using same signing mechanism both cookieparser , cookiesession, no distinction between cookies signed 1 or other. although fixed checking if cookie located in req.signedcookies.


Comments

Post a Comment

Popular posts from this blog

linux - xterm copying to CLIPBOARD using copy-selection causes automatic updating of CLIPBOARD upon mouse selection -

i've tried various ways coerce xterm (versions 285 , 292) copy selection clipboard clipboard whenever press ctrl-shift-c. promising way far has been, in ~/.xresources, put this: xterm*vt100.translations: #override \ ctrl shift <keypress> c: copy-selection(clipboard) \n\ ctrl shift <keypress> v: insert-selection(clipboard) ctrl-shift-v works perfectly, copying has nuance... if restart xterm, highlighting text puts things in primary clipboard; expected, proper, default behavior. if hit ctrl-shift-c, copies current selection clipboard clipboard. the bug, however, if highlight text after first time pressed ctrl-shift-c, you'll see highlighting copies both primary and clipboard. cannot figure out how stop xterm updating clipboard upon selection... , doesn't make sense me in first place. i said, @ specific point in time, copy selection clipboard... yet starts updating automatically upon selection after doing once... anyone have workaround...
Read more

c++ - qgraphicsview horizontal scrolling always has a vertical delta -

Image
i've subclassed qgraphicsview custom canvas used in cad application. i've reimplemented qgraphicsview::wheelevent check keyboard modifiers control key and, if control key pressed, zoom. i'm trying implement horizontal scroll when user holds shift , uses wheel. the problem i'm having horizontal scrolling always scrolls 0.279. not huge problem, hugely annoying , points else being wrong. so, here questions: is right way implement horizontal scrolling? if not, is? how eliminate delta of 0.279? thanks in advance. code , sample output below void myview::zoom(int delta) { double factor = pow(1.2, delta/abs(delta)); this->scale(factor, factor); } void myview::scrollhorizontal(int level) { qpointf center = maptoscene(viewport()->rect().center()); qdebug() << "center: " << center.x() << ", " << center.y(); centeron(qpointf(center.x() - level, center.y())); } void myview::wheelevent(qwheeleve...
Read more