Fixes

lib/io/ioserver.js

@@ -34,6 +34,10 @@ function handleAuth(socket, accept) {
     if (data.headers.cookie) {
         cookieParser(data, null, function () {
             var auth = data.signedCookies.auth;
+            if (!auth) {
+                return accept(null, true);
+            }
+
             session.verifySession(auth, function (err, user) {
                 if (!err) {
                     socket.user = {

lib/session.js

@@ -21,6 +21,10 @@ exports.genSession = function (account, expiration, cb) {
 };
 
 exports.verifySession = function (input, cb) {
+    if (typeof input !== "string") {
+        return cb("Invalid auth string");
+    }
+
     var parts = input.split(":");
     if (parts.length !== 4) {
         return cb("Invalid auth string");

lib/web/auth.js

@@ -27,7 +27,7 @@ function handleLogin(req, res) {
     dest = dest.match(/login|logout/) ? null : dest;
 
     if (typeof name !== "string" || typeof password !== "string") {
-        res.send(400);
+        res.sendStatus(400);
         return;
     }
 
@@ -35,7 +35,7 @@ function handleLogin(req, res) {
     if (host.indexOf(Config.get("http.root-domain")) === -1 &&
             Config.get("http.alt-domains").indexOf(host) === -1) {
         Logger.syslog.log("WARNING: Attempted login from non-approved domain " + host);
-        return res.send(403);
+        return res.sendStatus(403);
     }
 
     var expiration;
@@ -166,7 +166,7 @@ function handleRegister(req, res) {
     var ip = webserver.ipForRequest(req);
 
     if (typeof name !== "string" || typeof password !== "string") {
-        res.send(400);
+        res.sendStatus(400);
         return;
     }