From dd2a325f0d5ff982dbae854bbc513fb842ec7389 Mon Sep 17 00:00:00 2001
From: Jon Church
Date: Tue, 5 Mar 2024 22:57:25 -0500
Subject: [PATCH 1/2] add verifyPath and special handling of OPTIONS *
---
 index.js | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/index.js b/index.js
index d41b2378..b7f26e30 100644
--- a/index.js
+++ b/index.js
@@ -66,6 +66,27 @@ var defer = typeof setImmediate === 'function'
 ? setImmediate
 : function(fn){ process.nextTick(fn.bind.apply(fn, arguments)) }

+/**
+ * Verifies if the original request path matches the path specified in the cookie options.
+ * The main purpose is to ensure that the session middleware processes requests that are intended for paths
+ * that match the cookie path.
+ *
+ * A special case is handled for OPTIONS requests with a wildcard '*', which is considered a match only
+ * if the cookie path is the default '/'. This is due to the semantics of HTTP that allows '*' as a wildcard
+ * for all paths in OPTIONS requests.
+ *
+ * @param {string} originalPath - The original request path.
+ * @param {Object} cookieOptions - The cookie options object.
+ * @param {string} cookieOptions.path - The path for which the cookie is set.
+ * @returns {boolean} Returns true if the original path matches the cookie path, false otherwise.
+ */
+function verifyPath(originalPath, cookieOptions) {
+ if (originalPath === '*') {
+ return cookieOptions.path === '/';
+ }
+ return originalPath.indexOf(cookieOptions.path || '/') === 0;
+}
+
 /**
 * Setup session store with the given `options`.
 *
@@ -190,10 +211,9 @@ function session(options) {
 next()
 return
 }
-
 // pathname mismatch
 var originalPath = parseUrl.original(req).pathname || '/'
- if (originalPath.indexOf(cookieOptions.path || '/') !== 0) {
+ if (!verifyPath(originalPath, cookieOptions)) {
 debug('pathname mismatch')
 next()
 return
From e42c6f29b39dfc262083f4b2a16a6cb0dad96c0d Mon Sep 17 00:00:00 2001
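Review bot: The `'*'` branch of `verifyPath` compares `cookieOptions.path === '/'` without the `|| '/'` fallback that the ordinary return two lines below applies, so if `path` can be left unset (which that fallback suggests) an `OPTIONS *` request is reported as a mismatch even though the JSDoc calls `'/'` the default. Normalising once at the top, `var cookiePath = cookieOptions.path || '/'`, and using that value in both returns would make the two branches agree. The same comparison survives as `cookiePath === '/'` in PATCH 2/2. The diffstat touches only index.js, so a test that sends `OPTIONS *` with and without an explicit cookie path would pin the intended behaviour.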
From: Jon Church
Date: Tue, 5 Mar 2024 23:02:05 -0500
Subject: [PATCH 2/2] update jsdoc and params to accept string cookiePath
---
 index.js | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/index.js b/index.js
index b7f26e30..275c08d0 100644
--- a/index.js
+++ b/index.js
@@ -76,15 +76,14 @@ var defer = typeof setImmediate === 'function'
 * for all paths in OPTIONS requests.
 *
 * @param {string} originalPath - The original request path.
- * @param {Object} cookieOptions - The cookie options object.
- * @param {string} cookieOptions.path - The path for which the cookie is set.
+ * @param {string} cookiePath - The path for which the cookie is set.
 * @returns {boolean} Returns true if the original path matches the cookie path, false otherwise.
 */
-function verifyPath(originalPath, cookieOptions) {
+function verifyPath(originalPath, cookiePath) {
 if (originalPath === '*') {
- return cookieOptions.path === '/';
+ return cookiePath === '/';
 }
- return originalPath.indexOf(cookieOptions.path || '/') === 0;
+ return originalPath.indexOf(cookiePath || '/') === 0;
 }

 /**
@@ -213,7 +212,7 @@ function session(options) {
 }
 // pathname mismatch
 var originalPath = parseUrl.original(req).pathname || '/'
- if (!verifyPath(originalPath, cookieOptions.path)) {
+ if (!verifyPath(originalPath, cookieOptions.path)) {
 debug('pathname mismatch')
 next()
 return
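Review bot: The final return of `verifyPath` is a plain string-prefix test, so a cookie path of `/admin` also accepts a request for `/administrator`, which is wider than the cookie path-match of RFC 6265 section 5.1.4 that browsers use when deciding whether to send the cookie. The session middleware would then presumably run for requests that never carry the session cookie. This behaviour predates the patch and is only carried into the helper, but the helper is the natural place to require a segment boundary, for example `var p = cookiePath || '/'` followed by `return originalPath.indexOf(p) === 0 && (originalPath.length === p.length || p.charAt(p.length - 1) === '/' || originalPath.charAt(p.length) === '/');`. It is worth confirming that no existing deployment depends on the looser match before tightening it.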