Closed windexlight closed 7 years ago
Delivered with v1.6.0
.
Initially this module was intended to replace the express-session built-in MemoryStore module. That was "buggy" by default and not 100% compliant with their store documentation.
We now avoid support for node v0.8
bumping the lru-cache
module to v4.0.3
.
Everything shipped with v1.6.0
.
Thanks for the prompt fix!
memorystore 1.5.1
After trying out this module as a session store, I noticed that my SID cookies were being sent as session cookies (no expire time), even though I was specifying a maxAge in the cookie options when initializing express-session. The same initialization with maxAge was being respected when using the default MemoryStore. After some debugging, I traced the problem to line 181 in memorystore.js, in the touch() implementation. After retrieving and parsing the session data from the underlying LRU cache, the temporary object's "cookie" property is set equal to the entire "sess" object passed into the function. The "sess" object contains a "cookie", so the result is that the real cookie data resides at sess.cookie.cookie, instead of sess.cookie.
Changing this line (181 in memorystore.js):
to:
resolves the issue for me.