fix: remove cookie.expires from shouldSaveSession evaluation logic (f…

…astify#209) * fix: remove cookie.expires from shouldSaveSession evaluation logic * test: add test
nicob-29 · Sep 7, 2023 · cc0f4b5 · cc0f4b5
1 parent 5dc9125
commit cc0f4b5
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 1 deletion.
diff --git a/lib/fastifySession.js b/lib/fastifySession.js
@@ -235,7 +235,7 @@ function fastifySession (fastify, options, next) {
   function shouldSaveSession (request, cookieId, saveUninitializedSession, rollingSessions) {
     return cookieId !== request.session.encryptedSessionId
       ? saveUninitializedSession || request.session.isModified()
-      : rollingSessions || (Boolean(request.session.cookie.expires) && request.session.isModified())
+      : rollingSessions || request.session.isModified()
   }
 
   function option (options, key, def) {

diff --git a/test/session.test.js b/test/session.test.js
@@ -1036,3 +1036,50 @@ test('will not update expires property of the session using Session#touch() if m
   t.equal(response2.statusCode, 200)
   t.same(response2.json(), { expires: null })
 })
+
+test('should save session if existing, modified, rolling false, and cookie.expires null', async (t) => {
+  t.plan(8)
+
+  const fastify = Fastify()
+  fastify.register(fastifyCookie)
+  fastify.register(fastifySession, {
+    ...DEFAULT_OPTIONS,
+    cookie: { secure: false },
+    rolling: false
+  })
+  fastify.get('/', (request, reply) => {
+    request.session.set('foo', 'bar')
+    t.equal(request.session.cookie.expires, null)
+    reply.send(200)
+  })
+  fastify.get('/second', (request, reply) => {
+    t.equal(request.session.get('foo'), 'bar')
+    request.session.set('foo', 'baz')
+    t.equal(request.session.cookie.expires, null)
+    reply.send(200)
+  })
+  fastify.get('/third', (request, reply) => {
+    t.equal(request.session.get('foo'), 'baz')
+    t.equal(request.session.cookie.expires, null)
+    reply.send(200)
+  })
+  await fastify.listen({ port: 0 })
+  t.teardown(() => { fastify.close() })
+
+  const response1 = await fastify.inject({
+    url: '/'
+  })
+  t.equal(response1.statusCode, 200)
+
+  const response2 = await fastify.inject({
+    url: '/second',
+    headers: { Cookie: response1.headers['set-cookie'] }
+  })
+  t.equal(response2.statusCode, 200)
+
+  const response3 = await fastify.inject({
+    url: '/third',
+    headers: { Cookie: response1.headers['set-cookie'] }
+  })
+  t.equal(response3.statusCode, 200)
+})