Skip to content

bugfix: session write not happening for pages router with chunked cookies #2447

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tusharpandey13 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

bugfix: session write not happening for pages router with chunked cookies #2447

tusharpandey13 wants to merge 3 commits into from
+173 −1

Conversation

@tusharpandey13
Copy link
Contributor

@tusharpandey13 tusharpandey13 commented Dec 4, 2025
edited
Loading

When using getAccessToken(req, res) or updateSession(req, res, session) in Pages Router with chunked sessions, only the last cookie chunk was being persisted. This caused invalid_grant errors on subsequent requests because the session was corrupted.

Fixes: #2394

Root Cause

Headers.entries() yields each Set-Cookie header separately, but res.setHeader() overwrites previous values instead of appending in saveToSession.

Changes

  • client.ts: Updated logic to use pagesRouterRes.appendHeader for set-cookie header.
  • added a UT for the same.

Reproduction steps

  • Set Access token lifetime to 10s in auth0 dashboard
  • Added a pages router page that fetches Access token
  • Page refreshed after 10s multiple times
  • On second refresh, an invalid_grant error was thrown.

Reproduction failed after fixes.

@tusharpandey13
bugfix: fix session write not happening for pages router with chunked…
82f8694 
… cookies; this happened bc logic was overwriting set cookie headers instead of appending
@tusharpandey13 tusharpandey13 requested a review from a team as a code owner December 4, 2025 11:10
@tusharpandey13 tusharpandey13 changed the title bugfix: fix session write not happening for pages router with chunked cookies; this happened bc logic was overwriting set cookie headers instead of appending bugfix: fix session write not happening for pages router with chunked cookies Dec 4, 2025
@tusharpandey13 tusharpandey13 changed the title bugfix: fix session write not happening for pages router with chunked cookies bugfix: session write not happening for pages router with chunked cookies Dec 4, 2025
@codecov-commenter
Copy link

codecov-commenter commented Dec 4, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 66.66667% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.99%. Comparing base (6690372) to head (989bfdb).

Files with missing lines Patch % Lines
src/server/client.ts 66.66% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2447      +/-   ##
==========================================
+ Coverage   90.56%   90.99%   +0.43%     
==========================================
  Files          39       39              
  Lines        4515     4520       +5     
  Branches      933      939       +6     
==========================================
+ Hits         4089     4113      +24     
+ Misses        420      401      -19     
  Partials        6        6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nandan-bhat nandan-bhat nandan-bhat approved these changes

@frederikprijck frederikprijck Awaiting requested review from frederikprijck

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cookie not updating after getting a new access token

4 participants

@tusharpandey13 @codecov-commenter @nandan-bhat