Comments (7)
dougwilson
commented on April 27, 2024
2
Cool. I don't want to close this for now as just want to see what is decided around. I forgot to mention as well that adding, even a dummy method, would end up as semver major, as it would now prevent the usage of the key regenerate in the user-set data. And it's a hard thing to work around with a client side store model like this, because you cannot just update the key in your db; the clients have the data blob :(
from cookie-session.
dougwilson
commented on April 27, 2024
Hi @showaltb sorry about that! I took a look and it appears regenerate is meant to generate a new session ID for a session. But this module stores the session in the cookie directly, no session ID. I'm not sure what a regenerate would actually do if added to this module, though. Also adding something to req.session would be a backwards incompatible change, as right now someone could be storing data in that key.
from cookie-session.
Ylianst
commented on April 27, 2024
Arg. Passport now assumes that a session has regenerate() and save() methods (see here). As a result, Password now throws an exception when used with cookie-session, (see here).
Would be great if dummy versions of these methods where implemented.
from cookie-session.
dougwilson
commented on April 27, 2024
Yea, I thought about that too, but it seems like dummy methods would be misleading and then not actually perform what is intended. It likely makes more sense if, for example, Passport wants to use other modules that express-session, then it should probably have some sort of adapter so you can say what kind of session module you are using and it can use the appropriate APIs for that module.
from cookie-session.
dougwilson
commented on April 27, 2024
It also would mean that if dummy regenerate method was added, then there would no longer be a way for something like passport to detect that the session is not capable of regenerating the session id.
from cookie-session.
Ylianst
commented on April 27, 2024
Ok, filed with with Password: jaredhanson/passport#904
from cookie-session.
dougwilson
commented on April 27, 2024
Ok, so I'm going to close this issue has it has been sitting here for a few months. I looked over the linked Passport.js issue and it seems the question was answered in jaredhanson/passport#904 (comment)
The author of Passport.js seems pretty clear that cookie-session was never a supported session to use, which makes sense why no issue was ever noticed in the Passport.js change before it was released. The author outlined their thoughts there about how to add cookie-session as a supported session system to Passport.js as well. I'm not sure if they have made any progress towards it, but if not, I'm sure they would be willing to accept someone who did contribute such a change to Passport.js.
from cookie-session.
Related Issues (20)
- Session does not get stored if keys is not an array HOT 3
- What am I doing wrong? [question] HOT 1
- Clearing session does not remove cookies HOT 8
- Generating unique session.sig after logout/login HOT 3
- Use cookie-session as non middleware HOT 2
- Not working with axios (chrome) but working with Postman HOT 10
- Document: Ambiguity in Signature Documentation HOT 4
- sameSite no longer defaults to 'None' when undefined HOT 4
- session cookie value is exceedingly long and fails Set-Cookie with invalid syntax HOT 2
- secureProxy option to be able to use with non-Express servers behind SSL proxy HOT 1
- Suggestion: a custom name instead of req.session HOT 2
- Update dependency from [email protected] to [email protected] HOT 3
- Is there a risk when someone modifies the userId in the cookie? HOT 2
- Session cookie not sent over from server when using Firefox HOT 4
- flag Priority=High
- encrypt cookies
- The link to a list of browser cookie limits is dead
- Larger cookies with compression
- cookie options not being set
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cookie-session.