Incorrect number of sealed components

[dalalRohit]

The error I'm facing is definitely a very rare-case scenario but worth handling as a developer I guess.

When someone tampers/alters the encrypted cookie from the Cookies panel in DevTools, the app breaks completely with Incorrect number of sealed components as the error.

Is there any way I can catch this error?

Firstly, I thought it is coming from the point where the cookie is getting requested, i.e from where req.session.get(cookie_name) is called. So tried wrapping that in try/ catch but the error seems to be from either iron-store or @hapi/iron I guess.

Any help?

Rohit,

[vieiralucas]

My guess is that we need to add a check here:
https://github.com/vvo/next-iron-session/blob/d7e0c6aea42c27173e6d674e92f871e34632e580/lib/index.js#L132-L136

Like this:

    if (
      err.message === "Expired seal" ||
      err.message === "Bad hmac value" ||
      err.message === "Cannot find password: " ||
      err.message === "Incorrect number of sealed components"
    ) {