vvo / iron-session

🛠 Secure, stateless, and cookie-based session library for JavaScript

Home Page:https://get-iron-session.vercel.app

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

await session.save() fails to set cookie if cookies.set() is used after

Emrin opened this issue · comments

I tested this in middleware and any invocation of response.cookies.set() on a NextResponse after saving the session with await session.save() will not set the new session as a cookie.

Same here, cookie won't update on session.save() if another cookie has been set using document.setCookie()

I can confirm this issue. We are chaining middleware functions together.

Simplified examples:

function setCookieMiddleware(req, res, ctx) {
  res.cookies.set('foo', 'bar', { httpOnly: false })
  return res
}

async function saveSessionMiddleware(req, res, ctx) {
  ctx.session.foo = 'bar'
  await ctx.session.save()

  return response
}


// DOES NOT WORK: session cookie is not set in response headers, only foo cookie is present
const middlewares = [
  saveSessionMiddleware,
  setCookieMiddleware,
]

// DOES WORK: both session cookie and foo cookie Set Cookie header present in response headers
const middlewares = [
  setCookieMiddleware,
  saveSessionMiddleware,
]

Hey there, can someone create a very minimal example that I can run? It would be the best way to solve this issue, thanks!