@thi.ng/server 0.10.4 → 0.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +7 -1
  2. package/package.json +2 -2
  3. package/session/session.d.ts +6 -0
  4. package/session/session.js +13 -4
package/CHANGELOG.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Change Log
2
2
 
3
- - **Last updated**: 2025-05-28T12:02:40Z
3
+ - **Last updated**: 2025-06-05T12:59:44Z
4
4
  - **Generator**: [thi.ng/monopub](https://thi.ng/monopub)
5
5
 
6
6
  All notable changes to this project will be documented in this file.
@@ -11,6 +11,12 @@ See [Conventional Commits](https://conventionalcommits.org/) for commit guidelin
11
11
  **Note:** Unlisted _patch_ versions only involve non-code or otherwise excluded changes
12
12
  and/or version bumps of transitive dependencies.
13
13
 
14
+ ## [0.11.0](https://github.com/thi-ng/umbrella/tree/@thi.ng/server@0.11.0) (2025-06-05)
15
+
16
+ #### 🚀 Features
17
+
18
+ - force expire session cookie if invalid session ([ac6c208](https://github.com/thi-ng/umbrella/commit/ac6c208))
19
+
14
20
  ## [0.10.0](https://github.com/thi-ng/umbrella/tree/@thi.ng/server@0.10.0) (2025-04-16)
15
21
 
16
22
  #### 🚀 Features
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@thi.ng/server",
3
- "version": "0.10.4",
3
+ "version": "0.11.0",
4
4
  "description": "Minimal HTTP server with declarative routing, static file serving and freely extensible via pre/post interceptors",
5
5
  "type": "module",
6
6
  "module": "./index.js",
@@ -167,5 +167,5 @@
167
167
  "status": "alpha",
168
168
  "year": 2024
169
169
  },
170
- "gitHead": "61c3833b7ef7d044621454b5ea4af885d39f065e\n"
170
+ "gitHead": "5a1224bbd501c0dad203fa231749f21740350db7\n"
171
171
  }
package/session/session.d.ts CHANGED
@@ -87,6 +87,12 @@ export declare class SessionInterceptor<CTX extends RequestCtx = RequestCtx, SES
87
87
  replaceSession(ctx: CTX): Promise<SESSION | undefined>;
88
88
  withSession(res: ServerResponse, session: SESSION): ServerResponse<import("http").IncomingMessage>;
89
89
  validateSession(cookie: string): Promise<SESSION | undefined>;
90
+ /**
91
+ * Appends `set-cookie` header which forces immediate expiry of session cookie.
92
+ *
93
+ * @param ctx
94
+ */
95
+ expireCookie(ctx: CTX): void;
90
96
  }
91
97
  /**
92
98
  * Factory function to create a new {@link SessionInterceptor} instance
package/session/session.js CHANGED
@@ -29,6 +29,7 @@ class SessionInterceptor {
29
29
  if (cookie) {
30
30
  session = await this.validateSession(cookie);
31
31
  if (!session) {
32
+ this.expireCookie(ctx);
32
33
  ctx.res.forbidden();
33
34
  return false;
34
35
  }
@@ -56,10 +57,7 @@ class SessionInterceptor {
56
57
  if (await this.store.delete(sessionID)) {
57
58
  ctx.logger.info("delete session:", sessionID);
58
59
  ctx.session = void 0;
59
- ctx.res.appendHeader(
60
- "set-cookie",
61
- `${this.cookieName}=;Expires=Thu, 01 Jan 1970 00:00:00 GMT;${this.cookieOpts}`
62
- );
60
+ this.expireCookie(ctx);
63
61
  }
64
62
  }
65
63
  /**
@@ -117,6 +115,17 @@ class SessionInterceptor {
117
115
  const sameLength = actual.length === expected.length;
118
116
  return timingSafeEqual(sameLength ? actual : expected, expected) && sameLength ? session : void 0;
119
117
  }
118
+ /**
119
+ * Appends `set-cookie` header which forces immediate expiry of session cookie.
120
+ *
121
+ * @param ctx
122
+ */
123
+ expireCookie(ctx) {
124
+ ctx.res.appendHeader(
125
+ "set-cookie",
126
+ `${this.cookieName}=;Expires=Thu, 01 Jan 1970 00:00:00 GMT;${this.cookieOpts}`
127
+ );
128
+ }
120
129
  }
121
130
  const sessionInterceptor = (opts) => new SessionInterceptor(opts);
122
131
  const createSession = (ctx) => ({