You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This means that if this.keys is truthy, but opts is undefined, the signed variable will be true but the key still won't be signed. My expectation is they key should be signed if signed == true, and it shouldn't depend on the existence of opts.
The text was updated successfully, but these errors were encountered:
That seems to make sense, though I'm not sure how easy this will be to fix without including it in the major version bump, because I wonder how many people have the keys set but no options given. I'll have to think about it some. Also input from @jonathanong
Cool, that was my suspicion. It seems weird that the existence of keys caused cookies to automatically sign. So I would almost say that the current behavior is intended: you only get signed cookies if you sent {signed: true} to .set. Does that sound right @jonathanong ?
In
Cookie.prototype.set
(https://github.com/expressjs/cookies/blob/2dcb71f130a7eaafd16e71b9af70debe11d4c93f/lib/cookies.js#L69), thesigned
variable is true ifopts.signed
orthis.keys
is truthy. However, the check for whether to sign keys or not also checks ifopts
exists.This means that if
this.keys
is truthy, butopts
is undefined, thesigned
variable will betrue
but the key still won't be signed. My expectation is they key should be signed ifsigned == true
, and it shouldn't depend on the existence ofopts
.The text was updated successfully, but these errors were encountered: