Skip to content

Commit

Permalink
[v4] Deprecate res.clearCookie accepting options.maxAge and `opti…
Browse files Browse the repository at this point in the history
…ons.expires` (#5672)

* add deprecation notice for res.clearCookie maxAge/expires

* update History.md for clearCookie deprecation change

* add tests to codify deprecated behavior

Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com>

---------

Co-authored-by: Chris de Almeida <ctcpip@users.noreply.github.com>
  • Loading branch information
jonchurch and ctcpip authored Jun 7, 2024
1 parent 689073d commit f42b160
Show file tree
Hide file tree
Showing 3 changed files with 42 additions and 0 deletions.
2 changes: 2 additions & 0 deletions History.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ unreleased

* deps: encodeurl@~2.0.0
- Removes encoding of `\`, `|`, and `^` to align better with URL spec
* Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25
==========
Expand Down
8 changes: 8 additions & 0 deletions lib/response.js
Original file line number Diff line number Diff line change
Expand Up @@ -822,6 +822,14 @@ res.get = function(field){
*/

res.clearCookie = function clearCookie(name, options) {
if (options) {
if (options.maxAge) {
deprecate('res.clearCookie: Passing "options.maxAge" is deprecated. In v5.0.0 of Express, this option will be ignored, as res.clearCookie will automatically set cookies to expire immediately. Please update your code to omit this option.');
}
if (options.expires) {
deprecate('res.clearCookie: Passing "options.expires" is deprecated. In v5.0.0 of Express, this option will be ignored, as res.clearCookie will automatically set cookies to expire immediately. Please update your code to omit this option.');
}
}
var opts = merge({ expires: new Date(1), path: '/' }, options);

return this.cookie(name, '', opts);
Expand Down
32 changes: 32 additions & 0 deletions test/res.clearCookie.js
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,37 @@ describe('res', function(){
.expect('Set-Cookie', 'sid=; Path=/admin; Expires=Thu, 01 Jan 1970 00:00:00 GMT')
.expect(200, done)
})

it('should set expires when passed', function(done) {
var expiresAt = new Date()
var app = express();

app.use(function(req, res){
res.clearCookie('sid', { expires: expiresAt }).end();
});

request(app)
.get('/')
.expect('Set-Cookie', 'sid=; Path=/; Expires=' + expiresAt.toUTCString() )
.expect(200, done)
})

it('should set both maxAge and expires when passed', function(done) {
var maxAgeInMs = 10000
var expiresAt = new Date()
var expectedExpires = new Date(expiresAt.getTime() + maxAgeInMs)
var app = express();

app.use(function(req, res){
res.clearCookie('sid', { expires: expiresAt, maxAge: maxAgeInMs }).end();
});

request(app)
.get('/')
// yes, this is the behavior. When we set a max-age, we also set expires to a date 10 sec ahead of expires
// even if we set max-age only, we will also set an expires 10 sec in the future
.expect('Set-Cookie', 'sid=; Max-Age=10; Path=/; Expires=' + expectedExpires.toUTCString())
.expect(200, done)
})
})
})

0 comments on commit f42b160

Please sign in to comment.