Only lowercase session header when reading it.

Documentation/Books/Users/Foxx/FoxxSessions.mdpp

@@ -21,7 +21,7 @@ If *type* is set to *"cookie"*, the session cookie will be updated after every r
   * *type* (optional): sessions type, currently only *"cookie"* and *"header"* are supported. Default: *"cookie"*.
   * *cookieName* (optional): name of the session cookie if using cookie sessions. If a *cookieSecret* is provided, the signature will be stored in a cookie named *cookieName + "_sig"*. Default: *"sid"*.
   * *cookieSecret* (optional): secret string to sign session cookies with if using cookie sessions.
-  * *headerName* (optional): name of the session header if using header sessions. Default: *"x-session-id"*.
+  * *headerName* (optional): name of the session header if using header sessions. Default: *"X-Session-Id"*.
   * *autoCreateSession* (optional): whether a session should always be created if none exists. Default: *true*.
 
 @EXAMPLES

js/server/modules/org/arangodb/foxx/sessions.js

@@ -52,7 +52,7 @@ function decorateController(auth, controller) {
       req.session = sessions.fromCookie(req, cfg.cookieName, cfg.cookieSecret);
     } else if (cfg.type === 'header') {
       try {
-        req.session = sessions.get(req.headers[cfg.headerName]);
+        req.session = sessions.get(req.headers[cfg.headerName.toLowerCase()]);
       } catch (e) {
         if (!(e instanceof sessions.errors.SessionNotFound)) {
           throw e;
@@ -159,7 +159,7 @@ function Sessions(opts) {
       throw new Error('Header name must be a string or empty.');
     }
     if (!opts.headerName) {
-      opts.headerName = 'x-session-id';
+      opts.headerName = 'X-Session-Id';
     }
   } else {
     throw new Error('Only "cookie" and "header" type sessions are supported at this time.');