Skip to content

Commit 85682a2

Browse files
geekjobdougwilson
geekjob
authored and
dougwilson
committed
Fix uncaught error from bad session data
closes #634
1 parent 1e3fc39 commit 85682a2

File tree

4 files changed

+64
-31
lines changed

4 files changed

+64
-31
lines changed

HISTORY.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ unreleased
22
==========
33

44
* Fix error passing `data` option to `Cookie` constructor
5+
* Fix uncaught error from bad session data
56

67
1.16.0 / 2019-04-10
78
===================

index.js

Lines changed: 28 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -363,6 +363,19 @@ function session(options) {
363363
wrapmethods(req.session);
364364
}
365365

366+
// inflate the session
367+
function inflate (req, sess) {
368+
store.createSession(req, sess)
369+
originalId = req.sessionID
370+
originalHash = hash(sess)
371+
372+
if (!resaveSession) {
373+
savedHash = originalHash
374+
}
375+
376+
wrapmethods(req.session)
377+
}
378+
366379
// wrap session methods
367380
function wrapmethods(sess) {
368381
var _reload = sess.reload
@@ -460,34 +473,26 @@ function session(options) {
460473
debug('fetching %s', req.sessionID);
461474
store.get(req.sessionID, function(err, sess){
462475
// error handling
463-
if (err) {
476+
if (err && err.code !== 'ENOENT') {
464477
debug('error %j', err);
478+
next(err)
479+
return
480+
}
465481

466-
if (err.code !== 'ENOENT') {
467-
next(err);
468-
return;
469-
}
470-
471-
generate();
472-
// no session
473-
} else if (!sess) {
474-
debug('no session found');
475-
generate();
476-
// populate req.session
477-
} else {
478-
debug('session found');
479-
store.createSession(req, sess);
480-
originalId = req.sessionID;
481-
originalHash = hash(sess);
482-
483-
if (!resaveSession) {
484-
savedHash = originalHash
482+
try {
483+
if (err || !sess) {
484+
debug('no session found')
485+
generate()
486+
} else {
487+
debug('session found')
488+
inflate(req, sess)
485489
}
486-
487-
wrapmethods(req.session);
490+
} catch (e) {
491+
next(e)
492+
return
488493
}
489494

490-
next();
495+
next()
491496
});
492497
};
493498
};

session/memory.js

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -171,14 +171,16 @@ function getSession(sessionId) {
171171
// parse
172172
sess = JSON.parse(sess)
173173

174-
var expires = typeof sess.cookie.expires === 'string'
175-
? new Date(sess.cookie.expires)
176-
: sess.cookie.expires
177-
178-
// destroy expired session
179-
if (expires && expires <= Date.now()) {
180-
delete this.sessions[sessionId]
181-
return
174+
if (sess.cookie) {
175+
var expires = typeof sess.cookie.expires === 'string'
176+
? new Date(sess.cookie.expires)
177+
: sess.cookie.expires
178+
179+
// destroy expired session
180+
if (expires && expires <= Date.now()) {
181+
delete this.sessions[sessionId]
182+
return
183+
}
182184
}
183185

184186
return sess

test/session.js

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -610,6 +610,31 @@ describe('session()', function(){
610610
})
611611
})
612612

613+
describe('when session without cookie property in store', function () {
614+
it('should pass error from inflate', function (done) {
615+
var count = 0
616+
var store = new session.MemoryStore()
617+
var server = createServer({ store: store }, function (req, res) {
618+
req.session.num = req.session.num || ++count
619+
res.end('session ' + req.session.num)
620+
})
621+
622+
request(server)
623+
.get('/')
624+
.expect(shouldSetCookie('connect.sid'))
625+
.expect(200, 'session 1', function (err, res) {
626+
if (err) return done(err)
627+
store.set(sid(res), { foo: 'bar' }, function (err) {
628+
if (err) return done(err)
629+
request(server)
630+
.get('/')
631+
.set('Cookie', cookie(res))
632+
.expect(500, /Cannot read property/, done)
633+
})
634+
})
635+
})
636+
})
637+
613638
describe('proxy option', function(){
614639
describe('when enabled', function(){
615640
var server

0 commit comments

Comments
 (0)