Koa: remove .keys getters and setters

Created on 31 Jan 2014 · 8Comments · Source: koajs/koa

i changed cookies to be more user friendly and not require a keygrip instance all the time, though it might be less performant since you're initiating a new keygrip instance on every request (whatever, you can initialize yourself). if you care about the performance, i can revert https://github.com/koajs/koa/commit/c5655e093a974d01058736d9ee448d9fd551a7d2. otherwise, i think we should just remove the getters and setters for simplicity.

Source

jonathanong

Most helpful comment

@Volox You need to set app.keys

var koa = require('koa');
var app = koa();

app.keys = ['secret', 'key'];

dead-horse on 25 Jun 2014

👍3

All 8 comments

cool should be fine

tj on 31 Jan 2014

I think that this change has broken my application. According to the stack trace i get:

  server Error: .keys required for signed cookies
    at Object.Cookies.get (d:\portable\CS3\node_modules\koa\node_modules\cookies\lib\cookies.js:39:27)
    at Object.getSession (d:\portable\CS3\node_modules\koa-sess\lib\koa-session.js:127:35)
    at GeneratorFunctionPrototype.next (native)
    at Object.session (d:\portable\CS3\node_modules\koa-sess\lib\koa-session.js:222:36)
    at GeneratorFunctionPrototype.next (native)
    at Object.<anonymous> (d:\portable\CS3\node_modules\koa-mount\node_modules\koa-compose\index.js:29:12)
    at GeneratorFunctionPrototype.next (native)
    at Object.<anonymous> (d:\portable\CS3\node_modules\koa-mount\index.js:52:33)
    at GeneratorFunctionPrototype.next (native)
    at Object.gzip (d:\portable\CS3\node_modules\koa-gzip\index.js:28:12) +5ms

Volox on 25 Jun 2014

@Volox You need to set app.keys

var koa = require('koa');
var app = koa();

app.keys = ['secret', 'key'];

dead-horse on 25 Jun 2014

👍3

I have done it but the problem is still there.

Volox on 25 Jun 2014

can you show your code to reproduce this issue?

dead-horse on 25 Jun 2014

Ok, i figured out the problem.
In my application i mount other applications using koa-mount by doing so i need to set app.keys in all my applications.

Sample code to reproduce the error:

var koa = require('koa');
var session = require('koa-session');
var mount = require('koa-mount');

var app = koa();
var app2 = koa();

app2.keys = [ 'foo' ];
//app.keys = [ 'foo' ]; // Uncommenting this works
app2.use( session() );

app2.use( function* () {
  this.session.id = this.session.id || 1;
  this.session.id += 1;

  this.body = 'ads'+this.session.id;
});

app.use( mount( app2 ) );

app.listen( 3000 );

Volox on 25 Jun 2014

I only have to set it on the main app w/ app2 using the session middleware. Example:

  app.keys = [...];
  app2.use(session(....));

However, I am using: koa 0.21, koa-generic-session 1.9.0 with koa-pg-session.

da99 on 5 Jul 2015

This behavior is incorrect. I want to set a isolated session path on /connect because this the only place I will use sessions, my app is a stateless API but I have to use sessions for Grant (Facebook & Twitter Sign-in). I don't want to share my API v1 keys with all other endpoints of the server.

var app = koa();

// first session handler
var connect = koa();
connect.keys = ['awesome-key'];
connect.use(session({
    store: redisStore()
}));

app.use(mount('/connect', connect));

// second session handler
var connect2 = koa();
connect2.keys = ['other-key'];
connect2.use(session({
    store: redisStore()
}));

app.use(mount('/connect2', connect2));