From f8a59bb61c0886f21b69207276b096a21327a496 Mon Sep 17 00:00:00 2001
From: isaacisrael
Date: Mon, 18 Aug 2025 06:00:02 +0000
Subject: [PATCH] feat: invalidate session cookie on unauthorized error

---
 infra/controller.js                      | 11 ++++++-----
 test/integration/api/v1/user/get.test.js | 22 ++++++++++++++++++++++
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/infra/controller.js b/infra/controller.js
index 5bf86cc..426cb86 100644
--- a/infra/controller.js
+++ b/infra/controller.js
@@ -15,11 +15,12 @@ function onNoMatchHandler(request, response) {
 }
 
 function onErrorHandler(error, request, response) {
-  if (
-    error instanceof ValidationError ||
-    error instanceof NotFoundError ||
-    error instanceof UnauthorizedError
-  ) {
+  if (error instanceof ValidationError || error instanceof NotFoundError) {
+    return response.status(error.statusCode).json(error);
+  }
+
+  if (error instanceof UnauthorizedError) {
+    clearSessionCookie(response);
     return response.status(error.statusCode).json(error);
   }
 
diff --git a/test/integration/api/v1/user/get.test.js b/test/integration/api/v1/user/get.test.js
index dc96b4b..6246404 100644
--- a/test/integration/api/v1/user/get.test.js
+++ b/test/integration/api/v1/user/get.test.js
@@ -90,6 +90,17 @@ describe("GET /api/v1/user", () => {
       action: "Check if user is logged in and try again.",
       status_code: 401,
     });
+
+    // Set-Cookie assertions
+
+    const parsedCookie = setCookieParser(response, { map: true });
+    expect(parsedCookie.session_id).toEqual({
+      name: "session_id",
+      value: "invalid",
+      maxAge: -1,
+      path: "/",
+      httpOnly: true,
+    });
   });
 
   test("With expired session", async () => {
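Review bot: The new UnauthorizedError branch in onErrorHandler repeats `return response.status(error.statusCode).json(error);` verbatim from the ValidationError/NotFoundError branch directly above it, so the two branches differ only in the `clearSessionCookie(response)` call; keeping one `if (error instanceof UnauthorizedError) clearSessionCookie(response);` ahead of a single combined `if (... || error instanceof UnauthorizedError)` return would leave the response path in one place. Where `clearSessionCookie` is defined or imported lies outside this hunk, as does the rest of onErrorHandler (the fallback for other error types), so I cannot confirm from the hunk that it is in scope. A clearing cookie only overwrites the live one when its name, Domain and Path match the cookie originally issued, and the accompanying test pins only `path: "/"` and `httpOnly: true`; if the session cookie is issued with Secure or SameSite, the clearing cookie should presumably mirror those attributes, which is worth checking against the helper. A one-line why-comment above the call would help the next reader, e.g. `// Overwrite the client's session cookie so an invalid or expired token is not resent on every request.`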
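Review bot: The eleven-line Set-Cookie assertion block added here is repeated byte-for-byte in the next hunk at `@@ -118,6 +129,17 @@`, so any change to the clearing cookie's shape (for instance a Secure or SameSite attribute) would have to be edited in two places; a small helper inside the describe block would let both tests share it, as sketched below. The exact `toEqual` against a fixed object is a good choice since it also fails when an unexpected attribute appears. Where `setCookieParser` is imported is outside this hunk, as is the start of each test. The comment `// Set-Cookie assertions` would carry more intent as `// A 401 must also overwrite the stale session cookie (see infra/controller.js onErrorHandler)`.
```javascript
      // … unchanged: 401 body assertions …
      expectSessionCookieCleared(response);
      // … unchanged: rest of the test …

  // Shared by both 401 cases: an unauthorized response must overwrite the
  // client's session cookie with an expired, empty placeholder.
  function expectSessionCookieCleared(response) {
    const parsedCookie = setCookieParser(response, { map: true });
    expect(parsedCookie.session_id).toEqual({
      name: "session_id",
      value: "invalid",
      maxAge: -1,
      path: "/",
      httpOnly: true,
    });
  }
```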
@@ -118,6 +129,17 @@ describe("GET /api/v1/user", () => {
       action: "Check if user is logged in and try again.",
       status_code: 401,
     });
+
+    // Set-Cookie assertions
+
+    const parsedCookie = setCookieParser(response, { map: true });
+    expect(parsedCookie.session_id).toEqual({
+      name: "session_id",
+      value: "invalid",
+      maxAge: -1,
+      path: "/",
+      httpOnly: true,
+    });
   });
 
   test("With valid session about to expire", async () => {