nuxt-auth-utils icon indicating copy to clipboard operation
nuxt-auth-utils copied to clipboard

Published 20 hours ago verified publisher icon Atinux

`setUserSession` and `replaceUserSession` Lack Error Handling for Session Storage Failures

Open CorrM opened this issue 10 months ago • 2 comments

The setUserSession and replaceUserSession methods return a UserSession object that reflects the intended session data, even when the data fails to persist due to storage limits 4096-byte. This behavior creates a false assumption that the data was saved successfully.

For example:

const newSession = { user: { id: 1 }, token: "large-token-data" };
const result = await setUserSession(event, newSession);
console.log(result); // Outputs `newSession`, even if it wasn't saved

const currentSession = await getUserSession(event);
console.log(currentSession ); // Outputs outdated data

Expected Behavior

If session persistence fails, the methods should throw an error or return a status indicating failure. The returned UserSession object should only reflect successfully persisted data.

CorrM avatar Feb 02 '25 19:02 CorrM

Indeed, it might be tricky as the data is encoded to know when to throw an error :(

atinux avatar Feb 04 '25 23:02 atinux

I'm very happy to have come across this post !!! Because I had exactly the same problem. I reached the maximum size and couldn't understand why I couldn't log in anymore.

No error message, nothing at all.

hlassiege avatar Sep 19 '25 20:09 hlassiege