fix: session regeneration (#12864)

Co-authored-by: Matt Kane <m@mk.gg>
Co-authored-by: Emanuele Stoppa <my.burning@gmail.com>
Chris Kanich 2025-01-02 04:39:17 -06:00 committed by GitHub
parent 8809b85747
commit 440d8a54f7
3 changed files with 53 additions and 2 deletions


@ -0,0 +1,5 @@
---
'astro': patch
---
Fixes a bug where the session ID wasn't correctly regenerated


@ -182,9 +182,8 @@ export class AstroSession<TDriver extends SessionDriverName = any> {
const oldSessionId = this.#sessionID;
// Create new session
this.#sessionID = undefined;
this.#sessionID = crypto.randomUUID();
this.#data = data;
this.#ensureSessionID();
await this.#setCookie();
// Clean up old session asynchronously
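Review bot: The new assignment `this.#sessionID = crypto.randomUUID();` carries no comment explaining why it bypasses `#ensureSessionID()`, so a later refactor could route it back through the helper and reintroduce the bug. Presumably the helper can fall back to the ID the client sent in its cookie, which is why the old ID survived; that is inferred, since the helper is outside this hunk. I would add above the assignment: `// Always mint a fresh ID here; never reuse the client-supplied one (session fixation defence).` The enclosing method starts and ends outside the hunk, so it cannot be checked here whether the asynchronous cleanup of `oldSessionId` reports failures; until that deletion completes the old ID may still resolve to session data.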


@ -0,0 +1,47 @@
import assert from 'node:assert/strict';
import { before, describe, it } from 'node:test';
import testAdapter from './test-adapter.js';
import { loadFixture } from './test-utils.js';
describe('Astro.session', () => {
/** @type {import('./test-utils').Fixture} */
let fixture;
before(async () => {
fixture = await loadFixture({
root: './fixtures/sessions/',
output: 'server',
adapter: testAdapter(),
});
});
describe('Production', () => {
let app;
before(async () => {
await fixture.build();
app = await fixture.loadTestAdapterApp();
});
async function fetchResponse(path, requestInit) {
const request = new Request('http://example.com' + path, requestInit);
const response = await app.render(request);
return response;
}
it('can regenerate session cookies upon request', async () => {
const firstResponse = await fetchResponse('/regenerate', { method: 'GET' });
const firstHeaders = Array.from(app.setCookieHeaders(firstResponse));
const firstSessionId = firstHeaders[0].split(';')[0].split('=')[1];
const secondResponse = await fetchResponse('/regenerate', {
method: 'GET',
headers: {
cookie: `astro-session=${firstSessionId}`,
},
});
const secondHeaders = Array.from(app.setCookieHeaders(secondResponse));
const secondSessionId = secondHeaders[0].split(';')[0].split('=')[1];
assert.notEqual(firstSessionId, secondSessionId);
});
});
});
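Review bot: The test 'can regenerate session cookies upon request' asserts only that the two cookie values differ, not that the first session ID stops resolving to session data after regeneration, which is the property that matters against session fixation. A follow-up request carrying `astro-session=${firstSessionId}` to a route that reads the session, asserting the stored data is absent, would cover that; it needs a fixture route that is not visible on this page. The parsing also assumes `firstHeaders[0]` is the session cookie, so adding `assert.ok(firstHeaders[0].startsWith('astro-session='));` before the split would make a failure point at the right cause.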