Skip to content
This repository has been archived by the owner on Mar 11, 2022. It is now read-only.

Cookie persistence workaround #464

Merged
merged 1 commit into from
Sep 15, 2021
Merged

Cookie persistence workaround #464

merged 1 commit into from
Sep 15, 2021

Conversation

ricellis
Copy link
Member

Checklist

  • Tick to sign-off your agreement to the Developer Certificate of Origin (DCO) 1.1
  • Added tests for code changes or test/build only changes
  • Updated the change log file (CHANGES.md|CHANGELOG.md) or test/build only changes
  • Completed the PR template below:

Description

Patch tough-cookie bug in TokenManager

Fixes #463

Approach

Patch the cookie jar used in the TokenManager with the workaround for sliding updates in tough-cookie. This is mostly the same patch we used in cloudant-node-sdk just with a slight change to the initial _jar checks to suit the request module.

Schema & API Changes

  • "No change"

Security and Privacy

  • "No change"

Testing

  • Added a new test to validate a renewed cookie is applied after the original session lifetime expired.

Monitoring and Logging

  • "No change"

@ricellis ricellis self-assigned this Sep 14, 2021
@ricellis ricellis marked this pull request as ready for review September 14, 2021 11:22
emlaver
emlaver approved these changes Sep 14, 2021
View reviewed changes
Copy link
Member

@emlaver emlaver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good!

lib/tokens/TokenManager.js
// 1. supplied now argument
// 2. this.creation (original cookie creation time)
// 3. current time
// This patch replaces 2 with an expiry check relative to the cloudantPatchUpdateTime if set instead of
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did you mean:

Suggested change
// This patch replaces 2 with an expiry check relative to the cloudantPatchUpdateTime if set instead of
// This patch replaces 2 with an expiry check relative to the cloudantPatchUpdateTime instead of

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it only compares it to the cloudantPatchUpdateTime if it is set.

@ricellis ricellis merged commit 52b10de into master Sep 15, 2021
@ricellis ricellis deleted the 463-cookie-patch branch September 15, 2021 14:51
@mojito317 mojito317 added this to the 4.5.1 milestone Sep 16, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mojito317 mojito317 mojito317 approved these changes

@emlaver emlaver emlaver approved these changes

Assignees

@ricellis ricellis

Labels
None yet
Projects
None yet
Milestone
4.5.1
Development

Successfully merging this pull request may close these issues.

Auto-renewed session cookies do not persist beyond original session lifetime
3 participants
@ricellis @emlaver @mojito317