feat: remove read signedCookies and cookies (#1026)

bjohansebas · web-flow · commit 76bc233d8136 · 2025-04-26T22:01:40.000-05:00
diff --git a/index.js b/index.js
@@ -548,37 +548,6 @@ function getcookie(req, name, secrets) {
     }
   }
 
-  // back-compat read from cookieParser() signedCookies data
-  if (!val && req.signedCookies) {
-    val = req.signedCookies[name];
-
-    if (val) {
-      deprecate('cookie should be available in req.headers.cookie');
-    }
-  }
-
-  // back-compat read from cookieParser() cookies data
-  if (!val && req.cookies) {
-    raw = req.cookies[name];
-
-    if (raw) {
-      if (raw.substr(0, 2) === 's:') {
-        val = unsigncookie(raw.slice(2), secrets);
-
-        if (val) {
-          deprecate('cookie should be available in req.headers.cookie');
-        }
-
-        if (val === false) {
-          debug('cookie signature invalid');
-          val = undefined;
-        }
-      } else {
-        debug('cookie unsigned')
-      }
-    }
-  }
-
   return val;
 }
 
diff --git a/test/session.js b/test/session.js
@@ -2310,10 +2310,10 @@ describe('session()', function(){
   })
 
   describe('cookieParser()', function () {
-    it('should read from req.cookies', function(done){
+    it('shouldn\'t read from req.cookies', function(done){
       var app = express()
         .use(cookieParser())
-        .use(function(req, res, next){ req.headers.cookie = 'foo=bar'; next() })
+        .use(function(req, res, next){ delete req.headers.cookie; next() })
         .use(createSession())
         .use(function(req, res, next){
           req.session.count = req.session.count || 0
@@ -2328,56 +2328,11 @@ describe('session()', function(){
         request(app)
         .get('/')
         .set('Cookie', cookie(res))
-        .expect(200, '2', done)
-      })
-    })
-
-    it('should reject unsigned from req.cookies', function(done){
-      var app = express()
-        .use(cookieParser())
-        .use(function(req, res, next){ req.headers.cookie = 'foo=bar'; next() })
-        .use(createSession({ key: 'sessid' }))
-        .use(function(req, res, next){
-          req.session.count = req.session.count || 0
-          req.session.count++
-          res.end(req.session.count.toString())
-        })
-
-      request(app)
-      .get('/')
-      .expect(200, '1', function (err, res) {
-        if (err) return done(err)
-        request(app)
-        .get('/')
-        .set('Cookie', 'sessid=' + sid(res))
         .expect(200, '1', done)
       })
     })
 
-    it('should reject invalid signature from req.cookies', function(done){
-      var app = express()
-        .use(cookieParser())
-        .use(function(req, res, next){ req.headers.cookie = 'foo=bar'; next() })
-        .use(createSession({ key: 'sessid' }))
-        .use(function(req, res, next){
-          req.session.count = req.session.count || 0
-          req.session.count++
-          res.end(req.session.count.toString())
-        })
-
-      request(app)
-      .get('/')
-      .expect(200, '1', function (err, res) {
-        if (err) return done(err)
-        var val = cookie(res).replace(/...\./, '.')
-        request(app)
-        .get('/')
-        .set('Cookie', val)
-        .expect(200, '1', done)
-      })
-    })
-
-    it('should read from req.signedCookies', function(done){
+    it('shouldn\'t read from req.signedCookies', function(done){
       var app = express()
         .use(cookieParser('keyboard cat'))
         .use(function(req, res, next){ delete req.headers.cookie; next() })
@@ -2395,7 +2350,7 @@ describe('session()', function(){
         request(app)
         .get('/')
         .set('Cookie', cookie(res))
-        .expect(200, '2', done)
+        .expect(200, '1', done)
       })
     })
   })
