Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cookie-session session.sig isn’t created by Bun. #14113

Open
bilabror opened this issue Sep 23, 2024 · 3 comments
Open

cookie-session session.sig isn’t created by Bun. #14113

bilabror opened this issue Sep 23, 2024 · 3 comments
Labels
bug Something isn't working confirmed bug We can reproduce this issue node:http

Comments

@bilabror
Copy link

What version of Bun is running?

1.1.29+6d43b3662

What platform is your computer?

Darwin 24.0.0 arm64 arm

What steps can reproduce the bug?

here is my express settings

const app = express();
app.use(express.json());
app.use(cors());
app.use(helmet({ contentSecurityPolicy: false, crossOriginEmbedderPolicy: false }));
app.use(
  cookieSession({
    name: 'session',
    keys: [config.sessionKey1, config.sessionKey2],
    maxAge: 4 * 60 * 60 * 1000,
    httpOnly: true,
    secure: config.isProd || config.isStag,
    sameSite: 'strict',
  })
);

here is how i set the session

const encryptedArgs = Crypto.encrypt(args);
req.session![SS_SESSION_NAME] = encryptedArgs;

here is my encrypt code

const key = Buffer.from(config.encryptionKey, 'base64');
const algorithm = 'aes-256-gcm';
const encoding = 'base64';

const encrypt(data: unknown) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv(algorithm, key, iv);
  let encrypted = cipher.update(JSON.stringify(data), 'utf8', encoding);
  encrypted += cipher.final(encoding);
  const authTag = cipher.getAuthTag().toString(encoding);
  return `${encrypted}.${iv.toString(encoding)}.${authTag}`;
}

my nodemon settings

{
  "watch": ["src/**/*", "nodemon.json"],
  "exec": "bun src/index.ts",
  "ignore": ["node_modules/"],
  "ext": "graphql,ts,js,json"
}

how i run project

bun run dev

What is the expected behavior?

The session.sig cookie should be created automatically

What do you see instead?

Use ts-node : session.sig was created.
Screenshot 2024-09-23 at 22 19 32

Use bun : session.sig was not created.
Screenshot 2024-09-23 at 22 34 58

Additional information

No response
@bilabror bilabror added bug Something isn't working needs triage labels Sep 23, 2024
@RiskyMH

This comment has been minimized.

Sign in to view
@RiskyMH
Copy link
Contributor

RiskyMH commented Oct 12, 2024
edited
Loading

made more minimal again:

const http = require('http');

const res = new http.OutgoingMessage();
res.setHeader("myheader", ["first", "second"]);

console.log(res.getHeaders())

Node returns:

[Object: null prototype] { myheader: [ 'first', 'second' ] }

Bun returns:

{  myheader: "first,second" }

Notice how Bun returns the header value as a single string ("first,second") instead of an array unlike Node.js.

This behavior occurs because Bun uses Headers, while Node.js has its own implementation.

The difference happens because Bun uses the new Headers constructor in res.setHeader, which automatically joins list values into a single string. However Node.js, uses a different internal implementation for res.setHeader, which preserves an array for headers with multiple values.

@RiskyMH RiskyMH added confirmed bug We can reproduce this issue and removed needs triage labels Oct 12, 2024
@bilabror
Copy link
Author

@RiskyMH Thank you for confirming that it is a bug from Bun.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working confirmed bug We can reproduce this issue node:http
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@RiskyMH @bilabror