Bug Description
maxCachedSessions does not appear to be enforced in the TLS session cache used by buildConnector().
Reproducible By
import https from "node:https";
import { once } from "node:events";
import pem from "@metcoder95/https-pem";
import { buildConnector } from "undici";
const lookup = (hostname, options, cb) => {
if (options?.all) cb(null, [{ address: "127.0.0.1", family: 4 }]);
else cb(null, "127.0.0.1", 4);
};
const connect = buildConnector({
lookup,
maxCachedSessions: 1,
rejectUnauthorized: false,
});
const connectOnce = async ({ hostname, port }) => {
const { promise, resolve, reject } = Promise.withResolvers();
connect({ hostname, protocol: "https:", port }, (err, socket) => {
if (err) return reject(err);
const reused = socket.isSessionReused();
let response = "";
socket.setEncoding("utf8");
socket.on("data", (chunk) => {
response += chunk;
});
socket.on("error", reject);
socket.on("end", async () => {
await new Promise((resolve) => setTimeout(resolve, 50));
resolve(reused);
});
socket.write(
"GET / HTTP/1.1\r\nHost: " + hostname + "\r\nConnection: close\r\n\r\n",
);
});
return promise;
};
const a = https.createServer(pem, (req, res) => res.end("a")).listen(0);
const b = https.createServer(pem, (req, res) => res.end("b")).listen(0);
await Promise.all([once(a, "listening"), once(b, "listening")]);
const pa = a.address().port;
const pb = b.address().port;
console.log(await connectOnce({ hostname: "a.test", port: pa })); // false
console.log(await connectOnce({ hostname: "a.test", port: pa })); // true
console.log(await connectOnce({ hostname: "b.test", port: pb })); // false
console.log(await connectOnce({ hostname: "a.test", port: pa })); // expected false, actual true
a.close();
b.close();Expected Behavior
Logs & Screenshots
Environment
macOS 26.4.1
Node v24.15.0
undici v8.1.0
Bug Description
maxCachedSessionsdoes not appear to be enforced in the TLS session cache used bybuildConnector().Reproducible By
Expected Behavior
Logs & Screenshots
Environment
macOS 26.4.1
Node v24.15.0
undici v8.1.0