// Request handler exercising the `cookies` API: constructor option shapes,
// plain / signed / forged-signature cookies, and the `sameSite` values.
//
// NOTE(review): `jar` is created without `keys`, yet signed cookies are written
// and read below, and the `keys` examples pass empty lists. Signing and
// verification need a non-empty key list, so this presumably is a type-check
// fixture rather than a runnable server — confirm, and supply real secret keys
// (kept out of source control) before deploying anything modelled on it.
const server = http.createServer((req, res) => {
    const jar = new Cookies(req, res);

    // Constructor option shapes: raw key array, Keygrip instance, secure flag.
    new Cookies(req, res, { keys: [] });
    new Cookies(req, res, { keys: new Keygrip([]) });
    new Cookies(req, res, { secure: true });

    if (req.url === "/set") {
        jar
            // plain cookie; httpOnly is switched off, so page script can read it
            .set("unsigned", "foo", { httpOnly: false })
            // signed cookie: a companion "signed.sig" value is expected alongside it
            .set("signed", "bar", { signed: true })
            // forged pair: a value plus a hand-written, invalid signature
            .set("tampered", "baz")
            .set("tampered.sig", "bogus")
            // each accepted sameSite form
            .set("samesite", "same", { sameSite: 'lax' })
            .set("samesite", "same", { sameSite: 'strict' })
            .set("samesite", "same", { sameSite: false });

        res.writeHead(302, { Location: "/" });
        res.end("Now let's check.");
        return;
    }

    // Read path: the forged cookie is requested with signature checking on and
    // is expected to come back undefined.
    const unsigned: string = jar.get("unsigned");
    const signed: string = jar.get("signed", { signed: true });
    const tampered: string = jar.get("tampered", { signed: true });

    const report = `unsigned expected: foo

unsigned actual: ${unsigned}

signed expected: bar

signed actual: ${signed}

tampered expected: undefined

tampered: ${tampered}

`;

    res.writeHead(200, { "Content-Type": "text/plain" });
    res.end(report);
});
Example #2
 /**
 * called by UserContext constructor
 * returns ai_user cookie if one exists, creates new cookie otherwise and returns guid
 */
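 public static getUserId(request, response): string {
     // Resolves the visitor id carried in the `ai_user` cookie, whose value is
     // written below as `id:<guid>|acq:<date>`. When the cookie is missing or
     // does not parse, a new id is generated and a new cookie is set.
     //
     // NOTE(review): the cookie is stored unsigned, so its content is entirely
     // client-controlled. Treat the returned id as a correlation value only;
     // never use it for authentication or authorization. If integrity matters,
     // the `signed: true` option of the cookie jar (with keys configured) applies.
     var cookies = new Cookies(request, response);
     var userCookie = cookies.get('ai_user');
     var userId = '';

     if (userCookie) {
         var sepIndex = userCookie.indexOf(':');
         var endIndex = userCookie.indexOf('|');
         // indexOf(':') points at the separator itself, so the id starts one
         // character later; slicing from the separator would yield ":<guid>".
         // Requiring endIndex > sepIndex + 1 also rejects a missing separator
         // (-1) and an empty id.
         if (sepIndex !== -1 && endIndex > sepIndex + 1) {
             userId = userCookie.substring(sepIndex + 1, endIndex);
         }
     }

     if (!userId) {
         // No usable cookie: mint a new id and persist it.
         userId = uuid.v4();
         cookies.set('ai_user', 'id:' + userId + '|acq:' + this.localDate(new Date()));
     }
     return userId;
 }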
// Minimal signed-cookie round trip: "/set" writes a plain, a signed and a
// forged-signature cookie, any other URL reads them back and reports the values.
//
// NOTE(review): the jar is built without `keys`, but signed cookies are written
// and verified here. Signing needs a key list, so this looks like a type-check
// fixture — confirm, and pass real secret keys when adapting it.
const server = http.createServer((req, res) => {
    const jar = new Cookies(req, res);

    if (req.url === "/set") {
        // plain cookie; httpOnly is switched off, so page script can read it
        jar.set("unsigned", "foo", { httpOnly: false });
        // signed cookie
        jar.set("signed", "bar", { signed: true });
        // value plus a hand-written signature that cannot verify
        jar.set("tampered", "baz");
        jar.set("tampered.sig", "bogus");

        res.writeHead(302, { Location: "/" });
        res.end("Now let's check.");
        return;
    }

    // With `signed: true` the forged cookie is expected to read as undefined.
    const unsigned: string = jar.get("unsigned");
    const signed: string = jar.get("signed", { signed: true });
    const tampered: string = jar.get("tampered", { signed: true });

    const report =
        "unsigned expected: foo\n\n" +
        "unsigned actual: " + unsigned + "\n\n" +
        "signed expected: bar\n\n" +
        "signed actual: " + signed + "\n\n" +
        "tampered expected: undefined\n\n" +
        "tampered: " + tampered + "\n\n";

    res.writeHead(200, { "Content-Type": "text/plain" });
    res.end(report);
});
Example #4
 /**
 * called by SessionContext constructor
 * returns ai_session cookie and updates access time if one exists and has not timed out
 * otherwise creates new cookie and returns guid
 */
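 public static getSessionId(request, response): string {
     // Resolves the session id carried in the `ai_session` cookie and rewrites
     // the cookie with the current time as the last-access stamp. The value has
     // the form `id:<guid>|acq:<acquisition date>|acq:<last access, ms>` (both
     // trailing fields use the `acq` label). A new id is issued when the cookie
     // is missing, malformed, or idle for longer than the timeout.
     //
     // NOTE(review): the cookie is stored unsigned, so every field is
     // client-controlled. Treat the returned id as a telemetry correlation
     // value only; never use it for authentication or authorization. If
     // integrity matters, the `signed: true` option of the cookie jar (with
     // keys configured) applies.
     var sessionTimeoutMs = 1800000; // 30 minutes
     var cookies = new Cookies(request, response);
     var curDate = new Date();
     var sessionCookie = cookies.get('ai_session');
     var sessionId = '';
     var acqDate = '';

     if (sessionCookie) {
         // Split on the field separator instead of chained indexOf/substring
         // arithmetic: slicing from the index of ':' kept the separator in the
         // id and in both dates, which made the timestamp non-numeric and the
         // timeout comparison always false.
         // Assumes localDate() output contains no '|' — TODO confirm.
         var fields = sessionCookie.split('|');
         if (fields.length === 3 &&
             fields[0].indexOf('id:') === 0 &&
             fields[1].indexOf('acq:') === 0 &&
             fields[2].indexOf('acq:') === 0) {
             var lastAccessMs = Number(fields[2].substring(4));
             var idleMs = curDate.getTime() - lastAccessMs;
             // A non-numeric stamp gives NaN, which fails this comparison and
             // therefore falls through to a new session.
             if (fields[0].length > 3 && idleMs <= sessionTimeoutMs) {
                 sessionId = fields[0].substring(3);
                 acqDate = fields[1].substring(4);
             }
         }
     }

     if (!sessionId) {
         // Missing, malformed or expired cookie: start a new session.
         sessionId = uuid.v4();
         acqDate = this.localDate(curDate);
     }

     cookies.set('ai_session', 'id:' + sessionId + '|acq:' + acqDate + '|acq:' + curDate.getTime());
     return sessionId;
 }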