Description
According to H3’s useSession() behavior, the session cookie’s expiry should reset based on maxAge whenever the session is updated (as discussed in h3js/h3#552). However, with nuxt-auth-utils, this doesn’t seem to happen.
I attempted to use setUserSession both in middleware and in server routes to extend the session’s lifetime. However, upon inspecting the API response headers, I observed that the `set-cookie` expiry date remains unchanged, retaining the same value as the previous session.

This behavior is unexpected, as updating the session should reset the expiry as per the maxAge configuration.
Additionally, I tried updating the session by setting a random value on each call via the session hook. While the session content itself updates as expected, the cookie expiry still does not refresh and remains the same as before.
Just to be clear, the session does reset its expiry only if the session is set on a subsequent request after it has been cleared (either by the client or the server). It just does not do so if you clear and set within the same request.
Potentially similar issues – #256
Steps to Reproduce
1. Use `setUserSession` or `replaceUserSession` (or combination of `clearUserSession` and `setUserSession` – this behavior should be the same as `replaceUserSession`) in middleware or server routes to update the session.
2. Inspect the response headers `set-cookie` to check the session cookie’s expiry.
3. Optionally, update the session with a random value via session hook's "fetch" and repeat step 2.
Expected Behavior
The session cookie’s expiry should reset based on the configured maxAge value when the session is updated.
Actual Behavior
The session content updates as expected, but the cookie expiry remains unchanged from the original value.
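
The header inspection from the reproduction steps can be automated. The following is an added example, not part of the original issue and not nuxt-auth-utils code: it compares the session cookie's absolute expiry across two captured responses and reports whether it was refreshed. The cookie name `nuxt-session`, the timestamps and the header values are constructed sample data.

```javascript
// Added example. Cookie name, timestamps and header values are constructed sample data.

// Parse one Set-Cookie header value; attribute names are lower-cased.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf('=');
    attrs[(i === -1 ? part : part.slice(0, i)).toLowerCase()] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Absolute expiry in ms since epoch; Max-Age wins over Expires (RFC 6265), null if neither is set.
function cookieExpiry(cookie, receivedAtMs) {
  const maxAge = Number.parseInt(cookie.attrs['max-age'], 10);
  if (!Number.isNaN(maxAge)) return receivedAtMs + maxAge * 1000;
  const expires = Date.parse(cookie.attrs.expires);
  return Number.isNaN(expires) ? null : expires;
}

// Compare the named cookie across two responses: { receivedAt: ms, setCookie: [header, ...] }.
function compareExpiry(first, second, cookieName, toleranceMs = 1000) {
  const pick = (res) => {
    // If one response sets the cookie twice (clear + set), the last header is the one that sticks.
    const c = res.setCookie.map(parseSetCookie).filter((x) => x.name === cookieName).pop();
    return c ? { value: c.value, expiry: cookieExpiry(c, res.receivedAt) } : null;
  };
  const a = pick(first);
  const b = pick(second);
  if (!a || !b) return { status: 'missing' };
  if (a.expiry === null || b.expiry === null) return { status: 'no-expiry' };
  const deltaMs = b.expiry - a.expiry;
  return { status: deltaMs > toleranceMs ? 'refreshed' : 'unchanged', valueChanged: a.value !== b.value, deltaMs };
}

// Constructed responses: initial login, a session update one hour later, and what a sliding expiry would look like.
const T0 = Date.parse('2025-01-01T00:00:00Z');
const ATTRS = '; Path=/; HttpOnly; Secure; SameSite=Lax';
const login = { receivedAt: T0, setCookie: ['nuxt-session=sealed-A; Expires=Wed, 08 Jan 2025 00:00:00 GMT' + ATTRS] };
const update = { receivedAt: T0 + 3600e3, setCookie: ['nuxt-session=sealed-B; Expires=Wed, 08 Jan 2025 00:00:00 GMT' + ATTRS] };
const sliding = { receivedAt: T0 + 3600e3, setCookie: ['nuxt-session=sealed-B; Expires=Wed, 08 Jan 2025 01:00:00 GMT' + ATTRS] };

console.log(compareExpiry(login, update, 'nuxt-session'));  // content changed, expiry did not
console.log(compareExpiry(login, sliding, 'nuxt-session')); // expiry moved forward by one hour
```

A result of `unchanged` with `valueChanged: true` matches the behavior reported above: the sealed session content is rewritten while the cookie keeps its original lifetime.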