From 114cc870ccd9f9dd27356a2bb3cbcd9902998033 Mon Sep 17 00:00:00 2001
From: Petar Dobrev <petar@petardobrev.com>
Date: Tue, 8 May 2012 12:50:41 -0700
Subject: [PATCH] Shouldn't readSession return an empty object {} (as the
 comment on the top of the function says), instead of undefined?

Some middlewares that rely on the session (like everyauth) complain that it is undefined. Does this change have some security implications?
---
 lib/cookie-sessions.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/cookie-sessions.js b/lib/cookie-sessions.js
index 477a388..165d3d0 100644
--- a/lib/cookie-sessions.js
+++ b/lib/cookie-sessions.js
@@ -210,7 +210,7 @@ exports.readSession = function(key, secret, timeout, req){
     if(cookies[key]){
         return exports.deserialize(secret, timeout, cookies[key]);
     }
-    return undefined;
+    return {};
 };