Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

default signed or not when keys present #82

Open
dead-horse opened this issue Nov 1, 2016 · 5 comments
Open

default signed or not when keys present #82

dead-horse opened this issue Nov 1, 2016 · 5 comments
Assignees
@dougwilson
Labels
bug

Comments

@dead-horse
Copy link
Member

https://github.com/pillarjs/cookies/blob/master/lib/cookies.js#L74
https://github.com/pillarjs/cookies/blob/master/lib/cookies.js#L92

const cookies = new Cookies(req, res, ['key', 'keys']);

cookies.set('key', 'value'); // won't be signed
cookies.set('key', 'value', { maxAge: 100 }); // will be signed

not sure if we should make them all be signed or not be signed, and both will break people's code.
@dougwilson dougwilson self-assigned this Nov 12, 2016
@dougwilson
Copy link
Contributor

Hi @dead-horse yes, both of those should behave the same (signed in this case), so them behaving different depending on the presence of the options is a bug.

@dougwilson dougwilson added the bug label Nov 12, 2016
@dougwilson
Copy link
Contributor

The docs would suggest the correct functionality is that the sig cookie should only be there for an explicit signed: true.

@fengmk2
Copy link
Member

fengmk2 commented Nov 18, 2016

Fix this bug in the next major version, yep.

@dead-horse dead-horse mentioned this issue Nov 22, 2016
Merged
4 tasks
@dougwilson
Copy link
Contributor

I was just re-looking at this issue, and looked at the original implementation in b1322b6 and the discussion in #10 and it looks like the intended behavior is: honor the provided signed option, and default to signed if the library has keys, otherwise unsigned. The commit shows where the mistake came from in the original implementation, where the opts should have been removed in that second if.

@dougwilson
Copy link
Contributor

For now, I removed the fix on master to release one more 0.x version, and will defer this to the 1.x release due to breaking issues.

@dougwilson dougwilson reopened this Feb 19, 2017
@dougwilson dougwilson added this to the 0.8 milestone Sep 10, 2018
@dougwilson dougwilson removed this from the 0.8 milestone Oct 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dougwilson dougwilson

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dougwilson @fengmk2 @dead-horse