Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
improve session hashing when detecting modified sessions
See original GitHub issueThere is an issue in hash function
https://github.com/expressjs/session/blob/master/index.js#L582
simple JSON.stringify is not safe to use as when session contains an object with multiple properties inside (user for example with id, name, position properties). JSON.stringify can return different string (id, name, position or position, id, name). We need to do safe object keys sorting before serializing or use some kind of safe object hashing (e.g. https://github.com/puleos/object-hash)
Issue Analytics
- State:
- Created 5 years ago
- Comments:7 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Yea, currently the implementation does give false positives. This idea here is that it’s better to just save again on accident than to accidentally not save when there was a change (i.e. false positives are ok vs false negatives are really bad). Ideally it would have no false anything, though. Efforts along those lines are welcome!
no, only for cases when session data use the same structure as object-hash internally (that is very unlikely)