Skip to content

Lifetime session cookie is not "reset" on session request or updating/replacing session #294

@claytonchew

Description

@claytonchew

According to H3’s useSession() behavior, the session cookie’s expiry should reset based on maxAge whenever the session is updated (as discussed in h3js/h3#552). However, with nuxt-auth-utils, this doesn’t seem to happen.

I attempted to use setUserSession both in middleware and in server routes to extend the session’s lifetime. However, upon inspecting the API response headers, I observed that the set-cookie expiry date remains unchanged, retaining the same value as the previous session.

image

This behavior is unexpected, as updating the session should reset the expiry as per the maxAge configuration.

Additionally, I tried updating the session by setting a random value on each call via the session hook. While the session content itself updates as expected, the cookie expiry still does not refresh and remains the same as before.

Just to be clear, the session does reset its expiry only if the session is set on a subsequent request after it's being cleared (either by client or the server). It just does not do so if you clear and set within the same requests.

Potentially similar issues – #256

Steps to Reproduce

  1. Use setUserSession or replaceUserSession (or combination of clearUserSession and setUserSession – this behavior should be the same as replaceUserSession) in middleware or server routes to update the session.
  2. Inspect the response headers set-cookie to check the session cookie’s expiry.
  3. Optionally, update the session with a random value via session hook's "fetch" and repeat step 2.

Expected Behavior

The session cookie’s expiry should reset based on the configured maxAge value when the session is updated.

Actual Behavior

The session content updates as expected, but the cookie expiry remains unchanged from the original value.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions