mozilla / node-client-sessions

secure sessions stored in cookies
Mozilla Public License 2.0

secureProxy deprecated in cookies #140

Open souzajr opened 5 years ago

souzajr commented 5 years ago

Hello,

I'm getting this error message: [image]

In my middleware, I'm using the session like this:

```js
app.use(session({
    cookieName: 'session',
    encryptionAlgorithm: 'aes256',
    // Buffer.from() is a static factory, so it is called without `new`.
    encryptionKey: Buffer.from(process.env.SESSION_SECRET1),
    signatureAlgorithm: 'sha256-drop128',
    signatureKey: Buffer.from(process.env.SESSION_SECRET2, 'base64'),
    duration: 3600000, // 1 hour, in milliseconds
    cookie: {
        path: '/',
        httpOnly: true,
        secureProxy: true // triggers the deprecation warning from cookies
    }
}))
```

I'm using Cloudflare's SSL (flexible mode), so the "secure" option does not work for me. What should I do to get this message out? Thanks!

marwankhalili commented 5 years ago

Same issue as #101.

It should be safe to use secureProxy for now and ignore the deprecation warning. The option is still used by cookies:

```js
if (opts && "secureProxy" in opts) {
  deprecate('"secureProxy" option; use "secure" option, provide "secure" to constructor if needed')
  cookie.secure = opts.secureProxy
}
```
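An added example, not part of the thread and not code from the cookies or client-sessions projects: a simplified JavaScript model of how the `Secure` attribute ends up on the session cookie when the origin receives plain HTTP from a TLS-terminating proxy, as in the setup described in the question. Only the `secureProxy` branch comes from the snippet quoted above; `resolveSecure`, `setCookieHeader`, `encrypted`, `ctorSecure` and the unencrypted-connection guard are assumptions made for illustration.

```javascript
// Added illustration: simplified model, not the cookies library's source.
// Only the secureProxy branch mirrors the snippet quoted in the thread.
function resolveSecure({ encrypted, ctorSecure, opts = {} }) {
  const warnings = [];
  // Assumption: an explicit constructor value wins; otherwise the origin
  // judges transport security by whether its inbound socket is TLS.
  const transportSecure =
    ctorSecure !== undefined ? Boolean(ctorSecure) : Boolean(encrypted);

  // Assumed guard: refuse a Secure cookie on what looks like plain HTTP.
  if (!transportSecure && opts.secure) {
    throw new Error('secure cookie requested on unencrypted connection');
  }
  let secure = opts.secure !== undefined ? Boolean(opts.secure) : transportSecure;

  // Quoted branch: secureProxy overrides the result and logs a deprecation.
  if ('secureProxy' in opts) {
    warnings.push('"secureProxy" option; use "secure" option, ' +
      'provide "secure" to constructor if needed');
    secure = Boolean(opts.secureProxy);
  }
  return { secure, warnings };
}

// Render the header so the Secure attribute can be checked in a response audit.
function setCookieHeader(name, value, secure) {
  const attrs = [`${name}=${value}`, 'path=/', 'httponly'];
  if (secure) attrs.push('secure');
  return attrs.join('; ');
}

// Constructed scenarios: the proxy terminates TLS, the origin sees plain HTTP.
function scenarios() {
  const run = (input) => {
    try {
      const { secure, warnings } = resolveSecure(input);
      return { header: setCookieHeader('session', 'opaque', secure), warnings };
    } catch (err) {
      return { error: err.message, warnings: [] };
    }
  };
  return {
    secureOnly: run({ encrypted: false, opts: { secure: true } }),
    secureProxy: run({ encrypted: false, opts: { secureProxy: true } }),
    ctorSecure: run({ encrypted: false, ctorSecure: true, opts: { secure: true } }),
    noFlag: run({ encrypted: false, opts: {} }),
  };
}

console.log(scenarios());
```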