Skip to content

Commit 50f2fdd

Browse files
daurnimatordaurnimator
committed
http/cookie: :clean() upfront so that store has no expired cookies
1 parent fd8fb85 commit 50f2fdd

File tree

1 file changed

+20
-19
lines changed

1 file changed

+20
-19
lines changed

http/cookie.lua

Lines changed: 20 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -126,6 +126,9 @@ function store_methods:store(req_domain, req_path, req_is_http, req_is_secure, r
126126

127127
req_domain = assert(canonicalise_host(req_domain), "invalid request domain")
128128

129+
-- Clean now so that we can assume there are no expired cookies in store
130+
self:clean()
131+
129132
-- RFC 6265 Section 5.3
130133
local cookie = setmetatable({
131134
name = name;
@@ -262,22 +265,18 @@ function store_methods:store(req_domain, req_path, req_is_http, req_is_secure, r
262265
if domain_match(cookie.domain, d) or domain_match(d, cookie.domain) then
263266
for p, path_cookies in pairs(domain_cookies) do
264267
local cmp_cookie = path_cookies[name]
265-
if cmp_cookie then
266-
-- 1. Their name matches the name of the newly-created cookie.
267-
if cmp_cookie.expiry_time < now then
268-
self:clean()
269-
elseif
270-
-- 2. Their secure-only-flag is true.
271-
cmp_cookie.secure_only
272-
-- 3. Their domain domain-matches the domain of the newly-created
273-
-- cookie, or vice-versa.
274-
-- Note: already checked above in domain_match
275-
-- 4. The path of the newly-created cookie path-matches the path
276-
-- of the existing cookie.
277-
and path_match(p, cookie.path)
278-
then
279-
return false
280-
end
268+
-- 1. Their name matches the name of the newly-created cookie.
269+
if cmp_cookie
270+
-- 2. Their secure-only-flag is true.
271+
and cmp_cookie.secure_only
272+
-- 3. Their domain domain-matches the domain of the newly-created
273+
-- cookie, or vice-versa.
274+
-- Note: already checked above in domain_match
275+
-- 4. The path of the newly-created cookie path-matches the path
276+
-- of the existing cookie.
277+
and path_match(p, cookie.path)
278+
then
279+
return false
281280
end
282281
end
283282
end
@@ -528,16 +527,18 @@ function store_methods:lookup(req_domain, req_path, req_is_http, req_is_secure,
528527
end
529528

530529
local now = self.time()
530+
531+
-- Clean now so that we can assume there are no expired cookies in store
532+
self:clean()
533+
531534
local list = {}
532535
local n = 0
533536
for domain, domain_cookies in pairs(self.domains) do
534537
if domain_match(domain, req_domain) then
535538
for path, path_cookies in pairs(domain_cookies) do
536539
if path_match(path, req_path) then
537540
for _, cookie in pairs(path_cookies) do
538-
if cookie.expiry_time < now then
539-
self:clean()
540-
elseif cookie_match(cookie, req_domain, req_is_http, req_is_secure, req_is_safe_method, req_site_for_cookies, req_is_top_level) then
541+
if cookie_match(cookie, req_domain, req_is_http, req_is_secure, req_is_safe_method, req_site_for_cookies, req_is_top_level) then
541542
cookie.last_access_time = now
542543
n = n + 1
543544
list[n] = cookie

0 commit comments

Comments
 (0)