author | 2025-01-02 04:39:17 -0600 | |
---|---|---|
committer | 2025-01-02 10:39:17 +0000 | |
commit | 440d8a54f7b3d75dd16decb7d9d29e3724bff394 (patch) | |
tree | 024e454aa6feebbaa9568019df4656e4414efe75 | |
parent | 8809b85747c1af4a772a3649ce8a8b3bb0f31236 (diff) | |
fix: session regeneration (#12864)
Co-authored-by: Matt Kane <m@mk.gg>
Co-authored-by: Emanuele Stoppa <my.burning@gmail.com>
-rw-r--r-- | .changeset/hot-baboons-own.md | 5 | ||||
-rw-r--r-- | packages/astro/src/core/session.ts | 3 | ||||
-rw-r--r-- | packages/astro/test/sessions.test.js | 47 |
3 files changed, 53 insertions, 2 deletions
diff --git a/.changeset/hot-baboons-own.md b/.changeset/hot-baboons-own.md
new file mode 100644
index 000000000..271a39606
--- /dev/null
+++ b/.changeset/hot-baboons-own.md
@@ -0,0 +1,5 @@
+---
+'astro': patch
+---
+
+Fixes a bug where the session ID wasn't correctly regenerated
diff --git a/packages/astro/src/core/session.ts b/packages/astro/src/core/session.ts
index 9ac7327c5..33117a47a 100644
--- a/packages/astro/src/core/session.ts
+++ b/packages/astro/src/core/session.ts
@@ -182,9 +182,8 @@ export class AstroSession<TDriver extends SessionDriverName = any> {
 const oldSessionId = this.#sessionID;
 // Create new session
- this.#sessionID = undefined;
+ this.#sessionID = crypto.randomUUID();
 this.#data = data;
- this.#ensureSessionID();
 await this.#setCookie();
 // Clean up old session asynchronously
diff --git a/packages/astro/test/sessions.test.js b/packages/astro/test/sessions.test.js
new file mode 100644
index 000000000..8490e78ba
--- /dev/null
+++ b/packages/astro/test/sessions.test.js
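Review bot: The new assignment `this.#sessionID = crypto.randomUUID();` has no comment saying why the ID is generated directly instead of through `#ensureSessionID()`, and that reason is what keeps regeneration effective against session fixation. The body of `#ensureSessionID()` is not in this hunk, but the removed lines suggest it could fall back to the ID already carried by the request cookie, so the regenerated session kept the old ID. I would add above the assignment: `// Always generate a fresh ID here: #ensureSessionID() may reuse the ID from the request cookie, leaving the session ID unchanged.` The enclosing method starts and ends outside the hunk, so whether the old session's data is removed before the old ID can be replayed cannot be judged from here.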
@@ -0,0 +1,47 @@
+import assert from 'node:assert/strict';
+import { before, describe, it } from 'node:test';
+import testAdapter from './test-adapter.js';
+import { loadFixture } from './test-utils.js';
+
+describe('Astro.session', () => {
+ /** @type {import('./test-utils').Fixture} */
+ let fixture;
+
+ before(async () => {
+ fixture = await loadFixture({
+ root: './fixtures/sessions/',
+ output: 'server',
+ adapter: testAdapter(),
+ });
+ });
+
+ describe('Production', () => {
+ let app;
+ before(async () => {
+ await fixture.build();
+ app = await fixture.loadTestAdapterApp();
+ });
+
+ async function fetchResponse(path, requestInit) {
+ const request = new Request('http://example.com' + path, requestInit);
+ const response = await app.render(request);
+ return response;
+ }
+
+ it('can regenerate session cookies upon request', async () => {
+ const firstResponse = await fetchResponse('/regenerate', { method: 'GET' });
+ const firstHeaders = Array.from(app.setCookieHeaders(firstResponse));
+ const firstSessionId = firstHeaders[0].split(';')[0].split('=')[1];
+
+ const secondResponse = await fetchResponse('/regenerate', {
+ method: 'GET',
+ headers: {
+ cookie: `astro-session=${firstSessionId}`,
+ },
+ });
+ const secondHeaders = Array.from(app.setCookieHeaders(secondResponse));
+ const secondSessionId = secondHeaders[0].split(';')[0].split('=')[1];
+ assert.notEqual(firstSessionId, secondSessionId);
+ });
+ });
+});
 |
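Review bot: The closing `assert.notEqual(firstSessionId, secondSessionId)` can pass without a usable new ID, for example when the second cookie value parses to an empty string or `undefined`. Adding `assert.ok(firstSessionId);` and `assert.ok(secondSessionId);` before it would pin that both responses actually carried an ID. The test also takes `firstHeaders[0]` without checking that it is the `astro-session` cookie, so an unrelated Set-Cookie header in first position would be compared instead. It does not check that the old ID stops resolving to session data after regeneration, which is the property that matters for session fixation; whether the fixture exposes a route that could verify this is not visible here.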