Question: maxAge druring session updates

[Yizack]

Hello Atinux, I wanted to ask if the current behavior when overwriting maxAge and then maxAge is lost after updating the session later is intended

Summary

I tried to implement a "Remember me" option when logging in doing something like

// server/api/login.post.ts
await setUserSession(event, {
  user: {
    // user props
  },
}, {
  maxAge: remember ? 60 * 60 * 24 * 7 : undefined // if remember is true, maxAge is 7 days
})

It does overwrite the default maxAge as shown in the screenshot

However, after updating the session (for example to change the name of the user) with the following code, the maxAge is lost and changes to Session while I expected it to be the same above

// server/api/user.put.ts
await setUserSession(event, {
  user: {
    name: 'Test'
  }
})

Solution

To solve this at first I thought to keep the remember option as a session property but that would mean I'd need to check it and set maxAge in all setUserSession of the app, so instead I ended up editing the setUserSession util to include a maxAge property and check if the current session data includes maxAge and a new config maxAge is not set

export async function setUserSession(event: H3Event, data: UserSession, config?: Partial<SessionConfig>) {
  let session = await _useSession(event, config)

  if (ssession.data.maxAge && config?.maxAge === undefined) {
    session = await _useSession(event, {
      ...config,
      maxAge: session.data.maxAge as number,
    })
  }

  data.maxAge = config?.maxAge
  await session.update(defu(data, session.data))

  return session.data
}

See my changes here main...Yizack:nuxt-auth-utils:fix/max-age#diff-924ff08bed63f380edb066147815aa363d2115f9b770185d9ba7c01dbd327a1a

I also included an update button to test in the playground, I'm happy to include the steps for testing in a PR if you think this is a good idea :), if the behavior is intended we can close this issue