Added check for res.headersSent before attempting to send a response …

…due to the session middleware triggering its callback with an error. Even though this is usually indicative of a timing issue in app-level code (where it attempts to respond more than once, simultaneous with a session store issue-- e.g. a hiccup in the redis connection), the process still should not crash, if possible. Since recovery is possible here, and _some_ sort of response has obviously been sent, it's preferable to keep the process alive in this scenario.
balderdashy · Sep 2, 2016 · 3f29dce · 3f29dce
1 parent d3a1e83
commit 3f29dce
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/lib/hooks/http/get-configured-http-middleware-fns.js b/lib/hooks/http/get-configured-http-middleware-fns.js
@@ -99,12 +99,26 @@ module.exports = function getBuiltInHttpMiddleware (expressRouterMiddleware, sai
             return next();
           }
 
+          // --•
+          // Run the session middleware.
           configuredSessionMiddleware(req,res,function (err) {
             if (!err) {
               return next();
             }
+
             var errMsg = 'Error occurred in session middleware :: ' + util.inspect((err&&err.stack)?err.stack:err, false, null);
             sails.log.error(errMsg);
+
+            // If headers have already been sent (e.g. because of timing issues in application-level code),
+            // then don't attempt to send another response.
+            // (but still log a warning)
+            if (res.headersSent) {
+              sails.log.warn('The session middleware encountered an error and triggered its callback, but response headers have already been sent.  Rather than attempting to send another response, failing silently...');
+              return;
+            }
+
+            // --•
+            // Otherwise, we can go ahead and send a response.
             return res.send(400, errMsg);
           });
         };