[Bug] Session cookies are not cleared on browser close despite "clearWithBrowser" option

[cmeunier-ub]

Package version

7.7.0

Describe the bug

Session cookies are not deleted when the browser is closed even though the clearWithBrowser option is enabled in the Adonis configuration file config/session.ts.

I ran a few tests and it seems that the default value set for maxAge in http-server/src/define_config.ts on line 59 is responsible.

    cookie: {
      maxAge: '2h',                // <- I think this default value is the problem
      path: '/',
      httpOnly: true,
      secure: true,
      sameSite: 'lax' as const,
    },

As long as we specify a maxAge attribute with a value other than undefined in the options for the cookie to be created or in the config/app.ts file, everything works fine. But if we give maxAge = undefined as an option for our cookie, the value is overwritten by the one defined in http-server/src/define_config.ts.

As a result, it is not possible to create cookies that will be deleted when the browser is closed.

I am at your disposal for any further information you may require.

Reproduction repo

No response

[github-actions]

This issue has been marked as stale because it has been inactive for more than 21 days. Please reopen if you still need help on this issue

[RomainLanz]

Hey @cmeunier-ub! 👋🏻

I see that we are not testing for that use cases in our session package. Could you please create a PR with a failing test there?