From 51e7ce4dd63bb07aa8cb47bcc90e41f6b0cb7391 Mon Sep 17 00:00:00 2001
From: Douglas Christopher Wilson <doug@somethingdoug.com>
Date: Tue, 23 Jan 2024 21:30:16 -0500
Subject: [PATCH] Fix loading sessions with special keys

---
 HISTORY.md   |  1 +
 index.js     |  4 +++-
 test/test.js | 39 ++++++++++++++++++++++++++++++++++++++-
 3 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/HISTORY.md b/HISTORY.md
index c5ac1ce..71d97ce 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,6 +1,7 @@
 unreleased
 ==========
 
+  * Fix loading sessions with special keys
   * deps: cookies@0.9.1
     - Add `partitioned` option for CHIPS support
     - Add `priority` option for Priority cookie support
diff --git a/index.js b/index.js
index 9ece996..ea2b04e 100644
--- a/index.js
+++ b/index.js
@@ -151,7 +151,9 @@ function Session (ctx, obj) {
 
   if (obj) {
     for (var key in obj) {
-      this[key] = obj[key]
+      if (!(key in this)) {
+        this[key] = obj[key]
+      }
     }
   }
 }
diff --git a/test/test.js b/test/test.js
index f0c13fc..cd9e5d5 100644
--- a/test/test.js
+++ b/test/test.js
@@ -479,7 +479,7 @@ describe('Cookie Session', function () {
       it('should create a session', function (done) {
         var app = App()
         app.use(function (req, res, next) {
-          req.session = { message: 'hello' }
+          req.session = { message: 'hello', foo: 'bar', isChanged: true }
           res.end('klajsdfasdf')
         })
 
@@ -488,6 +488,19 @@ describe('Cookie Session', function () {
           .expect(shouldHaveCookie('session'))
           .expect(200, done)
       })
+
+      it('should not error on special properties', function (done) {
+        var app = App()
+        app.use(function (req, res) {
+          req.session = { message: 'hello', isChanged: false }
+          res.end()
+        })
+
+        request(app)
+          .get('/')
+          .expect(shouldHaveCookie('session'))
+          .expect(200, done)
+      })
     })
 
     describe('anything else', function () {
@@ -528,6 +541,30 @@ describe('Cookie Session', function () {
           .get('/')
           .expect(200, 'true', done)
       })
+
+      it('should be true loading session', function (done) {
+        var app = App({ signed: false })
+        app.use(function (req, res) {
+          res.end(String(req.session.isPopulated))
+        })
+
+        request(app)
+          .get('/')
+          .set('Cookie', 'session=eyJtZXNzYWdlIjoiaGkifQ==')
+          .expect(200, 'true', done)
+      })
+
+      it('should not conflict with session value', function (done) {
+        var app = App({ signed: false })
+        app.use(function (req, res) {
+          res.end(String(req.session.isPopulated))
+        })
+
+        request(app)
+          .get('/')
+          .set('Cookie', 'session=eyJtZXNzYWdlIjoiaGkiLCJpc1BvcHVsYXRlZCI6ZmFsc2V9')
+          .expect(200, 'true', done)
+      })
     })
   })