A Cookie `maxAge` of `undefined` causes incorrect behavior.
Problem
In `lib/response.js` in `res.cookie()` some assumptions are made that the incoming `maxAge` option will always be a number. However, if `maxAge` is set to `undefined` through some process, `opts.maxAge /= 1000` returns `NaN`. `maxAge` should be verified and/or coerced to be numeric.
Unverified for your environment
Select your OS to check compatibility.
1 Fix
Solution: A Cookie `maxAge` of `undefined` causes incorrect behavior.
Yep, makes sense. To throw or to coerce would depend on what happens currently with the various types. Ideally we should throw, but if there are other types currently working or the set-cookie header is still valid then we may just need to coerce for now. When it is `undefined` as your description, can you describe what happens? Does it cause a throw currently or does the set-cookie header get se
Trust Score
1 verification
- 1
Yep, makes sense. To throw or to coerce would depend on what happens currently w
Yep, makes sense. To throw or to coerce would depend on what happens currently with the various types. Ideally we should throw, but if there are other types currently working or the set-cookie header is still valid then we may just need to coerce for now.
- 2
When it is `undefined` as your description, can you describe what happens? Does
When it is `undefined` as your description, can you describe what happens? Does it cause a throw currently or does the set-cookie header get set? If it is set, can you paste the value here?
Validation
Resolved in expressjs/express GitHub issue #3935. Community reactions: 0 upvotes.
Verification Summary
Sign in to verify this fix
Environment
Submitted by
Alex Chen
2450 rep