From 069ddee837d975ea62204fbccd6e41cfb7afbfce Mon Sep 17 00:00:00 2001
From: Rob Squires <rob.squires@gmail.com>
Date: Thu, 1 Feb 2018 16:21:10 +0000
Subject: [PATCH] secureProxy is deprecated in cookies

pass  option through via constructor
---
 lib/client-sessions.js |  8 +++++--
 test/all-test.js       | 47 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/lib/client-sessions.js b/lib/client-sessions.js
index a8d91ea..6e034ac 100644
--- a/lib/client-sessions.js
+++ b/lib/client-sessions.js
@@ -594,8 +594,12 @@ function clientSessionFactory(opts) {
     if (propertyName in req) {
       return next(); //self aware
     }
-
-    var cookies = new Cookies(req, res);
+    var options
+    if (opts.cookie.secureProxy) {
+      options = { secure: opts.cookie.secureProxy }
+      delete opts.cookie.secureProxy
+    }
+    var cookies = new Cookies(req, res, options);
     var rawSession;
     try {
       rawSession = new Session(req, res, cookies, opts);
diff --git a/test/all-test.js b/test/all-test.js
index 36b3d30..cef0ef3 100644
--- a/test/all-test.js
+++ b/test/all-test.js
@@ -839,6 +839,27 @@ function create_app_with_secure(firstMiddleware) {
   return app;
 }
 
+function create_app_with_secure_proxy(firstMiddleware) {
+  // set up the session middleware
+  var middleware = cookieSessions({
+    cookieName: 'session',
+    secret: 'yo',
+    activeDuration: 0,
+    cookie: {
+      maxAge: 5000,
+      secureProxy: true
+    }
+  });
+
+  var app = express();
+  if (firstMiddleware)
+    app.use(firstMiddleware);
+
+  app.use(middleware);
+
+  return app;
+}
+
 suite.addBatch({
   "across two requests, without proxySecure, secure cookies" : {
     topic: function() {
@@ -862,6 +883,32 @@ suite.addBatch({
   }
 });
 
+suite.addBatch({
+  "across two requests, with secureProxy, secure cookies" : {
+    topic: function() {
+      var self = this;
+      var app = create_app_with_secure_proxy();
+
+      app.get("/foo", function(req, res) {
+        req.session.reset();
+        req.session.foo = 'bar'
+        res.send("foo");
+      });
+
+      var browser = createBrowser(app);
+      browser.get("/foo", function(res, $) {
+        browser.done();
+        self.callback(null, res);
+      });
+
+    },
+    "can be set": function(err, res) {
+      assert.match(res.headers['set-cookie'], /secure/)
+      assert.equal(res.statusCode, 200);
+    }
+  }
+});
+
 suite.addBatch({
   "across two requests, with proxySecure, secure cookies" : {
     topic: function() {