SessionStore: Don't write DB record if already expired

2022-01-17 17:27:23 -05:00 · 2022-01-17 17:27:23 -05:00 · b991948e21
parent 4d498725c7
commit b991948e21
2 changed files with 16 additions and 4 deletions
--- a/src/node/db/SessionStore.js
+++ b/src/node/db/SessionStore.js
@ -8,17 +8,22 @@ const util = require('util');
 const logger = log4js.getLogger('SessionStore');

 class SessionStore extends Store {
+  async _checkExpiration(sid, sess) {
+    const {cookie: {expires} = {}} = sess || {};
+    if (expires && new Date() >= new Date(expires)) return await this._destroy(sid);
+    return sess;
+  }
+
  async _get(sid) {
    logger.debug(`GET ${sid}`);
    const s = await DB.get(`sessionstorage:${sid}`);
-    const {cookie: {expires} = {}} = s || {};
-    if (expires && new Date() >= new Date(expires)) return await this._destroy(sid);
-    return s;
+    return await this._checkExpiration(sid, s);
  }

  async _set(sid, sess) {
    logger.debug(`SET ${sid}`);
-    await DB.set(`sessionstorage:${sid}`, sess);
+    sess = await this._checkExpiration(sid, sess);
+    if (sess != null) await DB.set(`sessionstorage:${sid}`, sess);
  }

  async _destroy(sid) {
--- a/src/tests/backend/specs/SessionStore.js
+++ b/src/tests/backend/specs/SessionStore.js
@ -46,6 +46,13 @@ describe(__filename, function () {
      await set(sess);
      assert.equal(JSON.stringify(await db.get(`sessionstorage:${sid}`)), JSON.stringify(sess));
    });
+
+    it('set of already expired session', async function () {
+      const sess = {foo: 'bar', cookie: {expires: new Date(1)}};
+      await set(sess);
+      // No record should have been created.
+      assert(await db.get(`sessionstorage:${sid}`) == null);
+    });
  });

  describe('get', function () {