Fix updateSession and header overwrite issues

[tusharpandey13]

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

📋 Changes

This PR implements three complementary fixes to resolve updateSession reliability issues:

• Fixed race condition in timestamp calculations - Eliminated inconsistent maxAge values by using the same updatedAt timestamp throughout calculateMaxAge() instead of calling this.epoch() twice, preventing Max-Age=0 cookies from timing inconsistencies

  • MODIFIED src/server/session/abstract-session-store.ts

• Implemented conditional legacy cookie cleanup - Added existence check before deleting legacy cookies to prevent unnecessary Max-Age=0 cookies appearing in response headers during updateSession() calls

  • MODIFIED src/server/session/stateless-session-store.ts
  • MODIFIED src/server/session/stateless-session-store.test.ts (updated test mocks)

• Fixed header overwrite in Pages Router - Resolved session chunk loss by collecting all set-cookie headers into an array before setting them, preventing res.setHeader() from overwriting multiple cookies

  • MODIFIED src/server/client.ts
  • ADDED src/server/updateSession-header-fix.test.ts (comprehensive test suite)

📎 References

Fixes: #2316

🎯 Testing

Automated:

• Updated existing StatelessSessionStore unit tests to mock getChunkedCookie() properly for legacy cookie scenarios
• Added comprehensive test suite updateSession-header-fix.test.ts covering multiple set-cookie header scenarios, legacy cookie deletion, and edge cases
• All 308+ unit tests pass

Manual:

1. Create a Pages Router API route that calls updateSession(req, res, session) with chunked session data
2. Add console.log(res.getHeaders()) immediately after the updateSession() call
3. Before fix: Shows either 'set-cookie': ['appSession=; Path=/; Max-Age=0'] (unnecessary deletion) or missing session chunks (header overwrite)
4. After fix: Shows all session chunks properly preserved without unnecessary Max-Age=0 deletion cookies

[codecov-commenter]

Codecov Report

❌ Patch coverage is 93.10345% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 86.57%. Comparing base (6daabeb) to head (567c946).

Files with missing lines	Patch %	Lines
src/server/client.ts	83.33%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2330      +/-   ##
==========================================
+ Coverage   85.47%   86.57%   +1.10%     
==========================================
  Files          26       26              
  Lines        2636     2652      +16     
  Branches      486      497      +11     
==========================================
+ Hits         2253     2296      +43     
+ Misses        377      350      -27     
  Partials        6        6              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.