Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session#regenerate does not call SessionStore#destroy #240

Open
2 tasks done
SpraxDev opened this issue Apr 8, 2024 · 1 comment
Open
2 tasks done

Session#regenerate does not call SessionStore#destroy #240

SpraxDev opened this issue Apr 8, 2024 · 1 comment

Comments

@SpraxDev
Copy link

SpraxDev commented Apr 8, 2024

Prerequisites

  • I have written a descriptive issue title
  • I have searched existing issues to ensure the bug has not already been reported

Fastify version

4.26.2

Plugin version

10.7.0

Node.js version

20.11.1

Operating system

Linux

Operating system version (i.e. 20.04, 11.3, 10)

5.15.150-1-MANJARO

Description

I am trying to regenerate a session in one of my routes to make sure whatever data is in there is reset and I would prefer to also get a new session id as I am essentially restarting the session.

But as far as I can see there is no way for me, without manually interacting with the SessionStore myself, to delete the old session id.

#regenerate only generates a new session for me and stores it.

Steps to Reproduce

Something like:

this.fastify.get('/regenerate', async (request, reply) => {
  await request.session.regenerate();
  request.session.set('userId', 123);
  await request.session.save();

  return reply.send();
});

For easier understanding on what is happening in the store:

    this.fastify.register(FastifySession, {
      secret: '...',
      store: {
        set: (sessionId, session, callback) => {
          console.log(`#set(${JSON.stringify(sessionId)}, ${JSON.stringify(session)}`);
          callback();
        },
        get: (sessionId, callback) => {
          console.log(`#get(${JSON.stringify(sessionId)})`);
          callback(null, null);
        },
        destroy: (sessionId, callback) => {
          console.log(`#destroy(${JSON.stringify(sessionId)})`);
          callback();
        }
      }
    });

Expected Behavior

I am essentially generating a completely new session with different ID and data/content.

I'd expect the session to be automatically deleted from the store as it is no longer used/needed.

As far as I can see, there is also no good workaround for this as calling await request.session.destroy(); before regenerating the session sets it to null causing TypeError: Cannot read properties of null (reading 'regenerate')
SpraxDev added a commit to SpraxDev/IHK-Betriebliches-Abschlussprojekt-GitLab-Suchmaschine that referenced this issue Apr 19, 2024
@SpraxDev
feat: Persist browser sessions in the database instead of in memory
285755f 
There are currently two caviats/TODOs:
1. When visiting the login-Route while already being logged in, a new session
   is persistet but the old one is not deleted right now (fastify/session#240)
2. Expired sessions are currently not deleted yet – But the method for it already exists – The app will have a scheduler/run-task-at-fixed-times which can be used for that
@gabor-s
Copy link

gabor-s commented May 21, 2024

A quick and dirty workaround:

let session = request.session;
await session.destroy();
await session.regenerate();
session = null; // just to make sure you don't use it or session = request.session

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gabor-s @SpraxDev