Closed nallown closed 8 years ago
Looks like that it was a issue with the newer versions of node. It works fine with version 4.2.6 of node.
It might be worth checking out this change https://github.com/nodejs/node/commit/cf2b714b02 to add support for newer versions of node.
Edit: As a temporary solution you can run the node application with --security-revert=CVE-2016-2216
what version of node are you using?
@dead-horse version 4.4.7, anything beyond 4.2.6 doesn't work.
I can't reproduce this problem.
The default session id is generated by uid-safe which I think won't contains invalid http herder characters ?
strange, I'll test it in a clean node environment and see whether that works. I'll update you when I'm done.
Works fine in a new environment. I think it might be one of the installed modules interfering with it. Kind of strange how they're interfering even though they're not being loaded or touched at all though. They're just installed. I'll go through the node modules that I've got installed and will figure out which one it is.
Updating koa to version 1.2.1 and koa-generic-session to version 1.11.3 fixed it.
Edit: Found the problem! https://github.com/koajs/generic-session/issues/96#issuecomment-234743407
When running:
This exception gets thrown:
These are the modules that I used:
Can be reproduced with the following application: