From cc0f4b506103097c657dc42f41bb6144179b6a2d Mon Sep 17 00:00:00 2001 From: Tomoaki Ichige <59423920+tomoakiichige@users.noreply.github.com> Date: Thu, 7 Sep 2023 15:58:32 +0900 Subject: [PATCH] fix: remove cookie.expires from shouldSaveSession evaluation logic (#209) * fix: remove cookie.expires from shouldSaveSession evaluation logic * test: add test --- lib/fastifySession.js | 2 +- test/session.test.js | 47 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/lib/fastifySession.js b/lib/fastifySession.js index ea5f346..9ac70b8 100644 --- a/lib/fastifySession.js +++ b/lib/fastifySession.js @@ -235,7 +235,7 @@ function fastifySession (fastify, options, next) { function shouldSaveSession (request, cookieId, saveUninitializedSession, rollingSessions) { return cookieId !== request.session.encryptedSessionId ? saveUninitializedSession || request.session.isModified() - : rollingSessions || (Boolean(request.session.cookie.expires) && request.session.isModified()) + : rollingSessions || request.session.isModified() } function option (options, key, def) { diff --git a/test/session.test.js b/test/session.test.js index a3807e7..b26061f 100644 --- a/test/session.test.js +++ b/test/session.test.js @@ -1036,3 +1036,50 @@ test('will not update expires property of the session using Session#touch() if m t.equal(response2.statusCode, 200) t.same(response2.json(), { expires: null }) }) + +test('should save session if existing, modified, rolling false, and cookie.expires null', async (t) => { + t.plan(8) + + const fastify = Fastify() + fastify.register(fastifyCookie) + fastify.register(fastifySession, { + ...DEFAULT_OPTIONS, + cookie: { secure: false }, + rolling: false + }) + fastify.get('/', (request, reply) => { + request.session.set('foo', 'bar') + t.equal(request.session.cookie.expires, null) + reply.send(200) + }) + fastify.get('/second', (request, reply) => { + t.equal(request.session.get('foo'), 'bar') + request.session.set('foo', 'baz') + t.equal(request.session.cookie.expires, null) + reply.send(200) + }) + fastify.get('/third', (request, reply) => { + t.equal(request.session.get('foo'), 'baz') + t.equal(request.session.cookie.expires, null) + reply.send(200) + }) + await fastify.listen({ port: 0 }) + t.teardown(() => { fastify.close() }) + + const response1 = await fastify.inject({ + url: '/' + }) + t.equal(response1.statusCode, 200) + + const response2 = await fastify.inject({ + url: '/second', + headers: { Cookie: response1.headers['set-cookie'] } + }) + t.equal(response2.statusCode, 200) + + const response3 = await fastify.inject({ + url: '/third', + headers: { Cookie: response1.headers['set-cookie'] } + }) + t.equal(response3.statusCode, 200) +})