Fix loading sessions with special keys

expressjs · Jan 24, 2024 · 51e7ce4 · 51e7ce4
1 parent 16c12cf
commit 51e7ce4
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 2 deletions.
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,6 +1,7 @@
 unreleased
 ==========
 
+  * Fix loading sessions with special keys
   * deps: cookies@0.9.1
     - Add `partitioned` option for CHIPS support
     - Add `priority` option for Priority cookie support

diff --git a/index.js b/index.js
@@ -151,7 +151,9 @@ function Session (ctx, obj) {
 
   if (obj) {
     for (var key in obj) {
-      this[key] = obj[key]
+      if (!(key in this)) {
+        this[key] = obj[key]
+      }
     }
   }
 }

diff --git a/test/test.js b/test/test.js
@@ -479,7 +479,7 @@ describe('Cookie Session', function () {
       it('should create a session', function (done) {
         var app = App()
         app.use(function (req, res, next) {
-          req.session = { message: 'hello' }
+          req.session = { message: 'hello', foo: 'bar', isChanged: true }
           res.end('klajsdfasdf')
         })
 
@@ -488,6 +488,19 @@ describe('Cookie Session', function () {
           .expect(shouldHaveCookie('session'))
           .expect(200, done)
       })
+
+      it('should not error on special properties', function (done) {
+        var app = App()
+        app.use(function (req, res) {
+          req.session = { message: 'hello', isChanged: false }
+          res.end()
+        })
+
+        request(app)
+          .get('/')
+          .expect(shouldHaveCookie('session'))
+          .expect(200, done)
+      })
     })
 
     describe('anything else', function () {
@@ -528,6 +541,30 @@ describe('Cookie Session', function () {
           .get('/')
           .expect(200, 'true', done)
       })
+
+      it('should be true loading session', function (done) {
+        var app = App({ signed: false })
+        app.use(function (req, res) {
+          res.end(String(req.session.isPopulated))
+        })
+
+        request(app)
+          .get('/')
+          .set('Cookie', 'session=eyJtZXNzYWdlIjoiaGkifQ==')
+          .expect(200, 'true', done)
+      })
+
+      it('should not conflict with session value', function (done) {
+        var app = App({ signed: false })
+        app.use(function (req, res) {
+          res.end(String(req.session.isPopulated))
+        })
+
+        request(app)
+          .get('/')
+          .set('Cookie', 'session=eyJtZXNzYWdlIjoiaGkiLCJpc1BvcHVsYXRlZCI6ZmFsc2V9')
+          .expect(200, 'true', done)
+      })
     })
   })