express: A Cookie `maxAge` of `undefined` causes incorrect behavior.
In lib/response.js in res.cookie() some assumptions are made that the incoming maxAge option will always be a number. However, if maxAge is set to undefined through some process, opts.maxAge /= 1000 returns NaN. maxAge should be verified and/or coerced to be numeric.
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 1
- Comments: 27 (25 by maintainers)
Commits related to this issue
- Fix behavior of null/undefined as "maxAge" in res.cookie fixes #3935 closes #3936 — committed to cjbarth/express by cjbarth 5 years ago
I’m still interested in this being resolved. Please reopen.