Comments (4)
I also have this issue. Tested [email protected] and [email protected] because travelogue does not support hapi 5.x.x.
To reproduce:
- Create a yar session, e.g. in your browser.
- Change the yar password.
- Make another request with the same cookies.
- hapi's state handler will fail to parse the cookies. This causes the
onPreAuth
event to be skipped. - The
request.session
was never setup by yar'sonPreAuth
handler, so it will be null by the timeonPreResponse
comes around. - The server crashes.
Example trace:
Debug: hapi, state, error
{"name":"session","value":"Fe26.2**cafedbad","settings":{"isSecure":false,"isHttpOnly":false,"path":"/","domain":null,"ttl":null,"encoding":"iron","password":"WAT"},"reason":"Bad hmac value"}
/app/node_modules/yar/lib/index.js:181
if (!request.session._isModified &&
^
TypeError: Cannot read property '_isModified' of null
at /app/node_modules/yar/lib/index.js:181:29
at /app/node_modules/hapi/lib/handler.js:389:22
at iterate (/app/node_modules/hapi/node_modules/async/lib/async.js:149:13)
at Object.async.eachSeries (/app/node_modules/hapi/node_modules/async/lib/async.js:165:9)
at /app/node_modules/hapi/lib/handler.js:372:15
at internals.Protect.run (/app/node_modules/hapi/lib/protect.js:53:5)
at Object.exports.invoke (/app/node_modules/hapi/lib/handler.js:370:22)
at internals.Request._reply (/app/node_modules/hapi/lib/request.js:350:13)
at /app/node_modules/hapi/lib/request.js:318:18
at /app/node_modules/hapi/node_modules/async/lib/async.js:151:21
from yar.
Nice. Are you going to create a PR for that?
from yar.
I already did: #36
:)
On May 22, 2014, at 7:52 AM, Christian Maniewski [email protected] wrote:
Nice. Are you going to create a PR for that?
—
Reply to this email directly or view it on GitHub.
from yar.
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.
from yar.
Related Issues (20)
- why the _store is empty each request HOT 9
- Using hapi's server.decorate could be dangerous. HOT 2
- Falsy values are converted to null HOT 2
- Delete a specific user's session HOT 5
- Yar doesn't handle the session cookie multiple times correctly. HOT 3
- Minor: Deprecated use of uuid HOT 1
- Session in distributed environment HOT 2
- Change module namespace HOT 1
- Support nes HOT 2
- Action required: Greenkeeper could not be activated 🚨 HOT 1
- Update dep HOT 1
- Only node 12
- Require hapi 19
- Change plugin name to @hapi/yar
- Assign data in onPreResponse lifecycle extension with takeover HOT 5
- Use built-in crypto.randomUUID HOT 2
- Drop support for node v12
- Password rotation
- Add a new method called pop() HOT 1
- Delete cookie as user logout
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from yar.