From 5bc59f16a0e61582ba4d926cfbb6448f0c137a52 Mon Sep 17 00:00:00 2001
From: Douglas Christopher Wilson
Date: Mon, 8 Sep 2014 17:00:45 -0400
Subject: [PATCH] Keep req.session.save non-enumerable
---
 HISTORY.md | 1 +
 index.js | 12 ++++++++++--
 test/session.js | 14 +++++++++++++-
 3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/HISTORY.md b/HISTORY.md
index ddf6b13b..f391a999 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,6 +1,7 @@
 unreleased
 ==========
+ * Keep `req.session.save` non-enumerable
 * Prevent session prototype methods from being overwritten
 1.8.0 / 2014-09-07
diff --git a/index.js b/index.js
index 14e2a8ea..e7c95823 100644
--- a/index.js
+++ b/index.js
@@ -286,11 +286,19 @@ function session(options){
 // wrap session methods
 function wrapmethods(sess) {
 var _save = sess.save;
- sess.save = function save() {
+
+ function save() {
 debug('saving %s', this.id);
 savedHash = hash(this);
 _save.apply(this, arguments);
- };
+ }
+
+ Object.defineProperty(sess, 'save', {
+ configurable: true,
+ enumerable: false,
+ value: save,
+ writable: true
+ });
 }
 // check if session has been modified
diff --git a/test/session.js b/test/session.js
index 31e0f5e7..82383f5c 100644
--- a/test/session.js
+++ b/test/session.js
@@ -223,6 +223,18 @@ describe('session()', function(){
 })
 })
+ it('should only have session data enumerable (and cookie)', function (done) {
+ var server = createServer(null, function (req, res) {
+ req.session.test1 = 1
+ req.session.test2 = 'b'
+ res.end(Object.keys(req.session).sort().join(','))
+ })
+
+ request(server)
+ .get('/')
+ .expect(200, 'cookie,test1,test2', done)
+ })
+
 describe('when response ended', function () {
 it('should have saved session', function (done) {
 var saved = false
@@ -483,7 +495,7 @@ describe('session()', function(){
 should(sid(res)).not.equal(val)
 done()
 })
- }, 10)
+ }, 15)
 })
 })
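Review bot: In index.js, the descriptor passed to `Object.defineProperty` in `wrapmethods` keeps `writable: true`, so the wrapper is hidden from enumeration but a plain assignment to `req.session.save` (for example, code that copies arbitrary keys onto the session) still replaces it, and the `savedHash = hash(this)` bookkeeping is then skipped. If nothing depends on reassigning `save`, `writable: false` would close that gap, and `configurable: true` would still let `wrapmethods` redefine the property. Either way, a comment above the call such as `// non-enumerable: keep the wrapper out of Object.keys/for-in so it is never treated as session data` would record why the descriptor is used. The enclosing `session()` function starts and ends outside the hunk.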
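Review bot: In test/session.js, the new test asserts only the `Object.keys` list, so it would still pass if the wrapped `save` were missing from the session altogether. Including the type in the response, `res.end(typeof req.session.save + ':' + Object.keys(req.session).sort().join(','))` with `.expect(200, 'function:cookie,test1,test2', done)`, would pin both properties of the change. The test also covers only a freshly created session; whether a session reloaded from the store goes through the same `wrapmethods` path is not visible in this hunk and may deserve a second request. The enclosing `describe('session()', ...)` block starts outside the hunk.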