From 9bcc677c4a3a3a4900a54efa74b089c0dc42b1f1 Mon Sep 17 00:00:00 2001 From: Adam Mcgrath Date: Wed, 25 Aug 2021 09:55:55 +0100 Subject: [PATCH] res.cookie adds a default path so we should too when measuring (#275) --- lib/appSession.js | 1 + test/appSession.tests.js | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/lib/appSession.js b/lib/appSession.js index b0a2eb35..9be1fce1 100644 --- a/lib/appSession.js +++ b/lib/appSession.js @@ -51,6 +51,7 @@ module.exports = (config) => { const { transient: emptyTransient, ...emptyCookieOptions } = cookieConfig; emptyCookieOptions.expires = emptyTransient ? 0 : new Date(); + emptyCookieOptions.path = emptyCookieOptions.path || '/'; const emptyCookie = cookie.serialize( `${sessionName}.0`, diff --git a/test/appSession.tests.js b/test/appSession.tests.js index 229405fc..1d80dea4 100644 --- a/test/appSession.tests.js +++ b/test/appSession.tests.js @@ -123,6 +123,33 @@ describe('appSession', () => { }); it('should limit total cookie size to 4096 Bytes', async () => { + server = await createServer(appSession(getConfig(defaultConfig))); + const jar = request.jar(); + + await request.post('session', { + baseUrl, + jar, + json: { + sub: '__test_sub__', + random: crypto.randomBytes(8000).toString('base64'), + }, + }); + + const cookies = jar + .getCookies(baseUrl) + .reduce( + (obj, value) => Object.assign(obj, { [value.key]: value + '' }), + {} + ); + + assert.exists(cookies); + assert.equal(cookies['appSession.0'].length, 4096); + assert.equal(cookies['appSession.1'].length, 4096); + assert.equal(cookies['appSession.2'].length, 4096); + assert.isTrue(cookies['appSession.3'].length <= 4096); + }); + + it('should limit total cookie size to 4096 Bytes with custom path', async () => { const path = '/some-really-really-really-really-really-really-really-really-really-really-really-really-really-long-path'; server = await createServer(