ttl和keepAlive功能存在bug #251
Description
Runtime
nodejs chrome
Runtime version
node 20.18.0
Module version
12.0.1
Last module version without issue
No response
Used with
No response
Any other relevant information
No response
What are you trying to achieve or the steps to reproduce?
如果没有启用ttl之前用户登录写入了一条cookie,启用ttl和keepalive之后,会再写入一条cooke且不会清除上一条cookie,此时会存在两条cookie,且会读取到旧的cookie导致用户无法登录,keepAlive写入之前可能要unstate一下
keepalive还存在一个问题,如果用户a登出,再登录用户b,结果登录的还是用户a。因为异步响应有延迟,可能导致a登出后清除的cookie被服务器延迟响应的keepAlive重新写入,于是a又被登录了
"If a user logs in and writes a cookie before enabling ttl, after enabling ttl and keepAlive, another cookie will be written without clearing the previous one, resulting in two cookies being present. This can lead to the old cookie being read, preventing the user from logging in. It might be necessary to unset the previous state before writing with keepAlive.
There is also an issue with keepAlive: if user A logs out and then user B logs in, user A remains logged in. This is because the asynchronous response delay can cause the cookie cleared upon A's logout to be overwritten by a delayed server response for keepAlive, effectively logging user A back in again."