debug: adds debug statements related to Set-Cookie and issecure (#986)

abacaphiliac · web-flow · commit 4427d9334fc3 · 2025-04-26T22:03:52.000-05:00
diff --git a/index.js b/index.js
@@ -207,6 +207,7 @@ function session(options) {
       }
 
       if (!shouldSetCookie(req)) {
+        debug('should not set cookie');
         return;
       }
 
@@ -219,6 +220,7 @@ function session(options) {
       if (!touched) {
         // touch session
         req.session.touch()
+        debug('touch session');
         touched = true
       }
 
@@ -579,17 +581,21 @@ function hash(sess) {
 function issecure(req, trustProxy) {
   // socket is https server
   if (req.connection && req.connection.encrypted) {
+    debug('connection encrypted');
     return true;
   }
 
   // do not trust proxy
   if (trustProxy === false) {
+    debug('proxy untrusted');
     return false;
   }
 
   // no explicit trust; try req.secure from express
   if (trustProxy !== true) {
-    return req.secure === true
+    var reqSecure = req.secure === true
+    debug('request %s', reqSecure ? 'secure' : 'insecure');
+    return reqSecure
   }
 
   // read the proto from x-forwarded-proto header
@@ -599,7 +605,9 @@ function issecure(req, trustProxy) {
     ? header.substr(0, index).toLowerCase().trim()
     : header.toLowerCase().trim()
 
-  return proto === 'https';
+  var protoSecure = proto === 'https';
+  debug('protocol %s', protoSecure ? 'secure' : 'insecure');
+  return protoSecure;
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -207,6 +207,7 @@ function session(options) {`
`207`	`207`	`}`
`208`	`208`
`209`	`209`	`if (!shouldSetCookie(req)) {`
	`210`	`+ debug('should not set cookie');`
`210`	`211`	`return;`
`211`	`212`	`}`
`212`	`213`
`@@ -219,6 +220,7 @@ function session(options) {`
`219`	`220`	`if (!touched) {`
`220`	`221`	`// touch session`
`221`	`222`	`req.session.touch()`
	`223`	`+ debug('touch session');`
`222`	`224`	`touched = true`
`223`	`225`	`}`
`224`	`226`
`@@ -579,17 +581,21 @@ function hash(sess) {`
`579`	`581`	`function issecure(req, trustProxy) {`
`580`	`582`	`// socket is https server`
`581`	`583`	`if (req.connection && req.connection.encrypted) {`
	`584`	`+ debug('connection encrypted');`
`582`	`585`	`return true;`
`583`	`586`	`}`
`584`	`587`
`585`	`588`	`// do not trust proxy`
`586`	`589`	`if (trustProxy === false) {`
	`590`	`+ debug('proxy untrusted');`
`587`	`591`	`return false;`
`588`	`592`	`}`
`589`	`593`
`590`	`594`	`// no explicit trust; try req.secure from express`
`591`	`595`	`if (trustProxy !== true) {`
`592`		`- return req.secure === true`
	`596`	`+ var reqSecure = req.secure === true`
	`597`	`+ debug('request %s', reqSecure ? 'secure' : 'insecure');`
	`598`	`+ return reqSecure`
`593`	`599`	`}`
`594`	`600`
`595`	`601`	`// read the proto from x-forwarded-proto header`
`@@ -599,7 +605,9 @@ function issecure(req, trustProxy) {`
`599`	`605`	`? header.substr(0, index).toLowerCase().trim()`
`600`	`606`	`: header.toLowerCase().trim()`
`601`	`607`
`602`		`- return proto === 'https';`
	`608`	`+ var protoSecure = proto === 'https';`
	`609`	`+ debug('protocol %s', protoSecure ? 'secure' : 'insecure');`
	`610`	`+ return protoSecure;`
`603`	`611`	`}`
`604`	`612`
`605`	`613`	`/**`