Open
Description
When using with @fastify/passport and @fastify/secure-session, sometimes authentication doesn't work. It sends Forbidden on the callback URL, which corresponds to the verify step in this library.
After some inspection, I found that @fastify/secure-session doesn't flush any changes made by the library. I resolved this issue by calling the touch method every time it's modified.
--- a/lib/state/session.js
+++ b/lib/state/session.js
@@ -49,6 +49,7 @@ SessionStore.prototype.store = function(req, ctx, appState, meta, cb) {
if (!req.session[key]) { req.session[key] = {}; }
req.session[key].state = state;
+ req.session.touch();
cb(null, handle);
};
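Review bot: the `req.session.touch();` added after `req.session[key].state = state;` is called unconditionally, so on any session object that does not provide a `touch` method `store` will throw a TypeError before `cb(null, handle)` runs. The description itself proposes calling it only "if it's available", so the hunk should match that: `if (typeof req.session.touch === 'function') { req.session.touch(); }`. A one-line comment saying the call exists to mark the session as modified for stores that do not detect nested writes would also help the next reader.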
@@ -81,6 +82,7 @@ SessionStore.prototype.verify = function(req, handle, cb) {
if (Object.keys(req.session[key]).length === 0) {
delete req.session[key];
}
+ req.session.touch();
if (state.handle !== handle) {
return cb(null, false, { message: 'Invalid authorization request state.' });
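Review bot: the `req.session.touch();` placed before the `state.handle !== handle` comparison has no guard and no comment, and its position matters. Keeping it ahead of the comparison is the right choice, because the cleanup just above it (`delete req.session[key]`) then gets persisted on the 'Invalid authorization request state.' path as well as on success, but that intent should be written down so the call is not later moved below the early return. Guard it the same way as in `store`, with a `typeof req.session.touch === 'function'` check, and consider a test that runs `verify` against a session object without `touch`.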
My suggestion is to call the touch method if it's available, for Fastify compatibility.