fix: pass cookie options to delete (#12820)

Author: ascorbic

.changeset/heavy-lemons-tie.md

@@ -0,0 +1,5 @@
+---
+'astro': patch
+---
+
+Fixes a bug that caused cookies to not be deleted when destroying a session

packages/astro/src/core/session.ts

@@ -63,12 +63,21 @@ export class AstroSession<TDriver extends SessionDriverName = any> {
 		}: Exclude<ResolvedSessionConfig<TDriver>, undefined>,
 	) {
 		this.#cookies = cookies;
+		let cookieConfigObject: AstroCookieSetOptions | undefined;
 		if (typeof cookieConfig === 'object') {
-			this.#cookieConfig = cookieConfig;
-			this.#cookieName = cookieConfig.name || DEFAULT_COOKIE_NAME;
+			const { name = DEFAULT_COOKIE_NAME, ...rest } = cookieConfig;
+			this.#cookieName = name;
+			cookieConfigObject = rest;
 		} else {
 			this.#cookieName = cookieConfig || DEFAULT_COOKIE_NAME;
 		}
+		this.#cookieConfig = {
+			sameSite: 'lax',
+			secure: true,
+			path: '/',
+			...cookieConfigObject,
+			httpOnly: true,
+		};
 		this.#config = config;
 	}
 
@@ -258,15 +267,9 @@ export class AstroSession<TDriver extends SessionDriverName = any> {
 				message: 'Invalid cookie name. Cookie names can only contain letters, numbers, and dashes.',
 			});
 		}
-		const cookieOptions: AstroCookieSetOptions = {
-			sameSite: 'lax',
-			secure: true,
-			path: '/',
-			...this.#cookieConfig,
-			httpOnly: true,
-		};
+
 		const value = this.#ensureSessionID();
-		this.#cookies.set(this.#cookieName, value, cookieOptions);
+		this.#cookies.set(this.#cookieName, value, this.#cookieConfig);
 	}
 
 	/**
@@ -345,7 +348,7 @@ export class AstroSession<TDriver extends SessionDriverName = any> {
 			this.#toDestroy.add(this.#sessionID);
 		}
 		if (this.#cookieName) {
-			this.#cookies.delete(this.#cookieName);
+			this.#cookies.delete(this.#cookieName, this.#cookieConfig);
 		}
 		this.#sessionID = undefined;
 		this.#data = undefined;

packages/astro/test/units/sessions/astro-session.test.js

@@ -86,18 +86,20 @@ test('AstroSession - Cookie Management', async (t) => {
 	});
 
 	await t.test('should delete cookie on destroy', async () => {
-		let cookieDeleted = false;
+		let cookieDeletedArgs;
+		let cookieDeletedName;
 		const mockCookies = {
 			...defaultMockCookies,
-			delete: () => {
-				cookieDeleted = true;
+			delete: (name, args) => {
+				cookieDeletedName = name;
+				cookieDeletedArgs = args;
 			},
 		};
 
 		const session = createSession(defaultConfig, mockCookies);
 		session.destroy();
-
-		assert.equal(cookieDeleted, true);
+		assert.equal(cookieDeletedName, 'test-session');
+		assert.equal(cookieDeletedArgs?.path, '/');
 	});
 });