Closed
Checklist
- The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
- I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- I have looked into the API documentation and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Description
While testing the cookie chunking feature that was added in 4.3.0, I ran into an issue. Our flow looks something like this:
- User logs into the app (cookie size is < 3500 KB so it's saved as `__session`)
- User performs an action that results in an additional claim being added to the user's session (cookie size exceeds threshold and gets chunked into `__session__0` and `__session__1`)
- When retrieving the user's session, the original `__session` cookie still exists and is returned instead of the chunked cookie.
In v3, the original cookie gets deleted when going from non-chunked -> chunked, which is what I was expecting to happen in v4 as well.
Reproduction
To be able to reproduce, you'll need to start off with a cookie that's just under the chunking threshold and have a mechanism for increasing the size of the cookie (i.e. adding an additional claim). The steps would be something like:
1. Log in
2. Verify `__session` cookie is set
3. Perform action that results in a larger cookie (i.e. adds an additional claim)
4. Verify `__session__0` and `__session__1` cookies are set (and `__session` still exists)
5. Perform an action that depends on the additional claim information that was added in step 3.
Additional context
Relevant code from v3: https://github.com/auth0/nextjs-auth0/blob/v3.7.0/src/auth0-session/session/stateless-session.ts#L149-L151
nextjs-auth0 version
4.3.0
Next.js version
15.2.4
Node.js version
22.14.0
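
The transition described in this issue, as an added example that is not part of the original report and is not nextjs-auth0 code: a session writer that expires cookies left over from the previous layout, so a stale `__session` cannot shadow the newer `__session__0`/`__session__1` claims. All function names, the 3500-character threshold and the read order in `readSession` are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not nextjs-auth0 API.
const CHUNK_SIZE = 3500; // assumed per-cookie value budget, in characters

// Plan the cookie writes for `value`, given the cookie names on the request.
// A "delete" op stands for a Set-Cookie that expires the cookie (Max-Age=0)
// with the same Path and Domain it was originally set with.
function planSessionCookies(name, value, requestCookieNames) {
  const isChunk = (c) =>
    c.startsWith(`${name}__`) && /^\d+$/.test(c.slice(name.length + 2));
  const ops = [];
  const keep = new Set();
  if (value.length <= CHUNK_SIZE) {
    ops.push({ op: "set", name, value });
    keep.add(name);
  } else {
    for (let i = 0, n = 0; i < value.length; i += CHUNK_SIZE, n++) {
      const chunk = `${name}__${n}`;
      ops.push({ op: "set", name: chunk, value: value.slice(i, i + CHUNK_SIZE) });
      keep.add(chunk);
    }
  }
  // Expire whatever the previous layout left behind: the unchunked cookie
  // after growing past the threshold, or surplus chunks after shrinking.
  for (const c of requestCookieNames) {
    if ((c === name || isChunk(c)) && !keep.has(c)) ops.push({ op: "delete", name: c });
  }
  return ops;
}

// Constructed stand-in for the browser cookie jar.
function applyOps(jar, ops) {
  const next = { ...jar };
  for (const o of ops) {
    if (o.op === "set") next[o.name] = o.value;
    else delete next[o.name];
  }
  return next;
}

// Model of the read order reported in the issue: unchunked cookie wins.
function readSession(name, jar) {
  if (name in jar) return jar[name];
  let out = "";
  for (let n = 0; `${name}__${n}` in jar; n++) out += jar[`${name}__${n}`];
  return out || null;
}
```

Dropping the `delete` ops from the plan reproduces the reported symptom: the jar then holds both layouts and the reader returns the session without the added claim.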