Skip to content

fix(core) merge function does not handle all cases correctly#13030

Open
magom001 wants to merge 3 commits intonextauthjs:mainfrom
magom001:fix-merge
Open

fix(core) merge function does not handle all cases correctly#13030
magom001 wants to merge 3 commits intonextauthjs:mainfrom
magom001:fix-merge

Conversation

@magom001
Copy link

@magom001 magom001 commented Jun 5, 2025
edited
Loading

☕️ Reasoning

🧢 Checklist

  • Documentation
  • Tests
  • Ready to be merged

🎫 Affected issues

const target = {
      sessionToken: {
        name: "authjs.session-token",
        options: {
          httpOnly: true,
          sameSite: "lax",
          path: "/",
          secure: false,
        },
      }
}

const source = {
      sessionToken: {
        options: {
          expires: new Date("2024-01-01T00:00:00Z"),
        },
      }
}

// Call
merge(target, source)

const expected = {
      sessionToken: {
        name: "authjs.session-token",
        options: {
          httpOnly: true,
          sameSite: "lax",
          path: "/",
          secure: false,
          expires: source.sessionToken.options.expires,
        },
      }
}

// Actual result
 Object {
    "sessionToken": Object {
      "name": "authjs.session-token",
      "options": Object {
-       "expires": 2024-01-01T00:00:00.000Z,
+       "expires": Object {},
        "httpOnly": true,
        "path": "/",
        "sameSite": "lax",
        "secure": false,
      },
    },
  }

This bug leads to crash when setting

cookies: {
    sessionToken: {
        options: {
            expires: new Date('...')
        }
    }
}

See the first added unit test for a repro.

📌 Resources

@magom001 magom001 requested a review from ThangHuuVu as a code owner June 5, 2025 21:02
@vercel
Copy link

vercel bot commented Jun 5, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
auth-docs Ready Ready Preview Comment Sep 28, 2025 8:43am
1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
next-auth-docs Ignored Ignored Preview Sep 28, 2025 8:43am

@vercel
Copy link

vercel bot commented Jun 5, 2025

@magom001 is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the core Refers to `@auth/core` label Jun 5, 2025
@magom001 magom001 changed the title Refactored merge fix(core) merge function does not handle all cases correctly Jun 5, 2025
@magom001 magom001 mentioned this pull request Jun 5, 2025
Closed
@magom001
Copy link
Author

magom001 commented Jun 5, 2025

I believe the faulty merge implementation is causing this bug when I set the expires property on the cookies options

Screenshot 2025-06-05 at 23 13 11

@magom001
Copy link
Author

magom001 commented Jun 12, 2025

@ThangHuuVu maybe using an external dependency (like https://github.com/fastify/deepmerge) is more appropriate for this case.

@magom001 magom001 mentioned this pull request Jun 17, 2025
Open
@github-actions
Copy link

github-actions bot commented Sep 28, 2025

Broken Link Checker

1 broken links found. Links organised below by source page, or page where they were found.

1) /getting-started/migrate-to-better-auth

Target Link Link Text
/docs "documentation"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ThangHuuVu ThangHuuVu Awaiting requested review from ThangHuuVu ThangHuuVu is a code owner

Assignees

No one assigned

Labels

core Refers to `@auth/core`

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@magom001