@adonisjs/session 8.0.0-next.2 → 8.0.0-next.4

package/build/{database-vbrhCOPd.js → database-JbWAJqhn.js}

@@ -28,6 +28,14 @@ var DatabaseStore = class {
 			return null;
 		}
 	}
+	#rowToTaggedSession(row) {
+		const data = this.#parseSessionData(row.data, row.id);
+		if (!data) return null;
+		return {
+			id: row.id,
+			data
+		};
+	}
 	async read(sessionId) {
 		debug_default("database store: reading session data %s", sessionId);
 		const row = await this.#client.from(this.#tableName).where("id", sessionId).first();
@@ -60,23 +68,19 @@ var DatabaseStore = class {
 		await this.#client.from(this.#tableName).where("id", sessionId).update({ expires_at: expiresAt });
 	}
 	async tag(sessionId, userId) {
-		debug_default("database store: tagging session %s with user %s", sessionId, userId);
+		debug_default("database store: associating user %s with session %s", userId, sessionId);
 		const data = new MessageBuilder().build({}, void 0, sessionId);
 		const expiresAt = new Date(Date.now() + this.#ttlSeconds * 1e3);
 		await this.#client.insertQuery().table(this.#tableName).insert({
 			id: sessionId,
-			user_id: userId,
+			user_id: String(userId),
 			data,
 			expires_at: expiresAt
 		}).knexQuery.onConflict("id").merge(["user_id"]);
 	}
-	#rowToTaggedSession(row) {
-		const data = this.#parseSessionData(row.data, row.id);
-		if (!data) return null;
-		return {
-			id: row.id,
-			data
-		};
+	async untag(sessionId, userId) {
+		debug_default("database store: dissociating user %s from session %s", userId, sessionId);
+		await this.#client.query().from(this.#tableName).update({ user_id: null }).where({ id: sessionId });
 	}
 	async tagged(userId) {
 		debug_default("database store: getting sessions tagged with user %s", userId);

package/build/factories/main.js

@@ -1,10 +1,10 @@
-import "../session-C9DdRahS.js";
+import "../session-Dd5u7w5Y.js";
 import "../main-kn40V-hF.js";
-import { t as defineConfig } from "../session-Cb9-DoMh.js";
+import { t as defineConfig } from "../session-C9ZmQmpM.js";
 import "../debug-BZVg83L1.js";
 import "../values_store-CvR1Sn37.js";
-import "../session_collection-CvS5yIq6.js";
-import { t as SessionMiddleware } from "../session_middleware-gegOBxmm.js";
+import "../session_collection-D9JQJjpq.js";
+import { t as SessionMiddleware } from "../session_middleware-BoOMxNVH.js";
 import { Emitter } from "@adonisjs/core/events";
 import { AppFactory } from "@adonisjs/core/factories/app";
 var SessionMiddlewareFactory = class {

package/build/index.js

@@ -1,7 +1,7 @@
-import { r as errors_exports, t as Session } from "./session-C9DdRahS.js";
+import { r as errors_exports, t as Session } from "./session-Dd5u7w5Y.js";
 import { t as stubsRoot } from "./main-kn40V-hF.js";
-import { n as stores, r as configure, t as defineConfig } from "./session-Cb9-DoMh.js";
+import { n as stores, r as configure, t as defineConfig } from "./session-C9ZmQmpM.js";
 import "./debug-BZVg83L1.js";
 import { n as ValuesStore, t as ReadOnlyValuesStore } from "./values_store-CvR1Sn37.js";
-import { t as SessionCollection } from "./session_collection-CvS5yIq6.js";
+import { t as SessionCollection } from "./session_collection-D9JQJjpq.js";
 export { ReadOnlyValuesStore, Session, SessionCollection, ValuesStore, configure, defineConfig, errors_exports as errors, stores, stubsRoot };

package/build/providers/session_provider.js

@@ -1,8 +1,8 @@
-import "../session-C9DdRahS.js";
+import "../session-Dd5u7w5Y.js";
 import "../debug-BZVg83L1.js";
 import "../values_store-CvR1Sn37.js";
-import { t as SessionCollection } from "../session_collection-CvS5yIq6.js";
-import { t as SessionMiddleware } from "../session_middleware-gegOBxmm.js";
+import { t as SessionCollection } from "../session_collection-D9JQJjpq.js";
+import { t as SessionMiddleware } from "../session_middleware-BoOMxNVH.js";
 import { RuntimeException } from "@adonisjs/core/exceptions";
 import { configProvider } from "@adonisjs/core";
 var SessionProvider = class {

package/build/{redis-D8D9UtiD.js → redis-rAHxNQ_8.js}

@@ -71,7 +71,11 @@ var RedisStore = class {
 	}
 	async tag(sessionId, userId) {
 		debug_default("redis store: tagging session %s with user %s", sessionId, userId);
-		await this.#connection.sadd(this.#getTagKey(userId), sessionId);
+		await this.#connection.sadd(this.#getTagKey(userId.toString()), sessionId);
+	}
+	async untag(sessionId, userId) {
+		debug_default("redis store: untagging session %s from user %s", sessionId, userId);
+		await this.#connection.srem(this.#getTagKey(userId.toString()), sessionId);
 	}
 	async tagged(userId) {
 		debug_default("redis store: getting sessions tagged with user %s", userId);

package/build/{session-Cb9-DoMh.js → session-C9ZmQmpM.js}

@@ -32,7 +32,10 @@ var MemoryStore = class MemoryStore {
 	}
 	touch(_) {}
 	tag(sessionId, userId) {
-		MemoryStore.tags.set(sessionId, userId);
+		MemoryStore.tags.set(sessionId, String(userId));
+	}
+	untag(sessionId, _userId) {
+		MemoryStore.tags.delete(sessionId);
 	}
 	tagged(userId) {
 		const sessions = [];
@@ -50,7 +53,7 @@ var MemoryStore = class MemoryStore {
 function defineConfig(config) {
 	debug_default("processing session config %O", config);
 	if (!config.store) throw new InvalidArgumentsException("Missing \"store\" property inside the session config");
-	const { stores: stores$1, cookie, ...rest } = {
+	const { stores, cookie, ...rest } = {
 		enabled: true,
 		age: "2h",
 		cookieName: "adonis_session",
@@ -93,7 +96,7 @@ const stores = {
 	},
 	redis: (config) => {
 		return configProvider.create(async (app) => {
-			const { RedisStore } = await import("./redis-D8D9UtiD.js");
+			const { RedisStore } = await import("./redis-rAHxNQ_8.js");
 			const redis = await app.container.make("redis");
 			return (_, sessionConfig) => {
 				return new RedisStore(redis.connection(config.connection), sessionConfig.age);
@@ -123,7 +126,7 @@ const stores = {
 	},
 	database: (config) => {
 		return configProvider.create(async (app) => {
-			const { DatabaseStore } = await import("./database-vbrhCOPd.js");
+			const { DatabaseStore } = await import("./database-JbWAJqhn.js");
 			const db = await app.container.make("lucid.db");
 			const connectionName = config?.connectionName || db.primaryConnectionName;
 			if (!db.manager.has(connectionName)) throw new RuntimeException(`Invalid database connection "${connectionName}" referenced in session config`);

package/build/{session-C9DdRahS.js → session-Dd5u7w5Y.js}

@@ -5,8 +5,9 @@ import { createError } from "@adonisjs/core/exceptions";
 import { randomUUID } from "node:crypto";
 import Macroable from "@poppinss/macroable";
 import lodash from "@poppinss/utils/lodash";
+import is from "@adonisjs/core/helpers/is";
 var __defProp = Object.defineProperty;
-var __export = (all, symbols) => {
+var __exportAll = (all, symbols) => {
 	let target = {};
 	for (var name in all) __defProp(target, name, {
 		get: all[name],
@@ -15,7 +16,7 @@ var __export = (all, symbols) => {
 	if (symbols) __defProp(target, Symbol.toStringTag, { value: "Module" });
 	return target;
 };
-var errors_exports = /* @__PURE__ */ __export({
+var errors_exports = /* @__PURE__ */ __exportAll({
 	E_SESSION_NOT_MUTABLE: () => E_SESSION_NOT_MUTABLE,
 	E_SESSION_NOT_READY: () => E_SESSION_NOT_READY,
 	E_SESSION_TAGGING_NOT_SUPPORTED: () => E_SESSION_TAGGING_NOT_SUPPORTED
@@ -23,6 +24,7 @@ var errors_exports = /* @__PURE__ */ __export({
 const E_SESSION_NOT_MUTABLE = createError("Session store is in readonly mode and cannot be mutated", "E_SESSION_NOT_MUTABLE", 500);
 const E_SESSION_NOT_READY = createError("Session store has not been initiated. Make sure you have registered the session middleware", "E_SESSION_NOT_READY", 500);
 const E_SESSION_TAGGING_NOT_SUPPORTED = createError("Session store does not support tagging. Use memory, redis, or database store instead", "E_SESSION_TAGGING_NOT_SUPPORTED", 500);
+const STORE_IN_FLASH = Symbol.for("store_in_flash");
 var Session = class extends Macroable {
 	#store;
 	#emitter;
@@ -69,6 +71,18 @@ var Session = class extends Macroable {
 		if (mode === "write" && this.readonly) throw new E_SESSION_NOT_MUTABLE();
 		return this.responseFlashMessages;
 	}
+	shouldFlashValue(value) {
+		if (value && typeof value === "object") return STORE_IN_FLASH in value ? value[STORE_IN_FLASH] : true;
+		return true;
+	}
+	cleanupFlashData(data) {
+		if (is.plainObject(data)) return Object.keys(data).reduce((result, key) => {
+			const value = data[key];
+			if (this.shouldFlashValue(value)) result[key] = value;
+			return result;
+		}, {});
+		return data;
+	}
 	#getValuesStore(mode) {
 		if (!this.#valuesStore) throw new E_SESSION_NOT_READY();
 		if (mode === "write" && this.readonly) throw new E_SESSION_NOT_MUTABLE();
@@ -122,8 +136,8 @@ var Session = class extends Macroable {
 	}
 	flash(key, value) {
 		if (typeof key === "string") {
-			if (value) this.#getFlashStore("write").set(key, value);
-		} else this.#getFlashStore("write").merge(key);
+			if (value && this.shouldFlashValue(value)) this.#getFlashStore("write").set(key, value);
+		} else this.#getFlashStore("write").merge(this.cleanupFlashData(key));
 	}
 	flashErrors(errorsCollection) {
 		this.flash({ errorsBag: errorsCollection });
@@ -146,13 +160,20 @@ var Session = class extends Macroable {
 		this.flash("inputErrorsBag", errorsBag);
 	}
 	flashAll() {
-		return this.#getFlashStore("write").set("input", this.#ctx.request.original());
+		let requestInput = this.#ctx.request.original();
+		return this.#getFlashStore("write").set("input", this.cleanupFlashData(requestInput));
 	}
 	flashExcept(keys) {
-		this.#getFlashStore("write").set("input", lodash.omit(this.#ctx.request.original(), keys));
+		this.#getFlashStore("write").set("input", lodash.omitBy(this.#ctx.request.original(), (value, key) => {
+			if (keys.includes(key)) return true;
+			return !this.shouldFlashValue(value);
+		}));
 	}
 	flashOnly(keys) {
-		this.#getFlashStore("write").set("input", lodash.pick(this.#ctx.request.original(), keys));
+		this.#getFlashStore("write").set("input", lodash.pickBy(this.#ctx.request.original(), (value, key) => {
+			if (keys.includes(key)) return this.shouldFlashValue(value);
+			return false;
+		}));
 	}
 	reflash() {
 		this.#getFlashStore("write").set("reflashed", this.flashMessages.all());

package/build/{session_collection-CvS5yIq6.js → session_collection-D9JQJjpq.js}

@@ -1,4 +1,4 @@
-import { n as E_SESSION_TAGGING_NOT_SUPPORTED } from "./session-C9DdRahS.js";
+import { n as E_SESSION_TAGGING_NOT_SUPPORTED } from "./session-Dd5u7w5Y.js";
 import { t as debug_default } from "./debug-BZVg83L1.js";
 var SessionCollection = class {
 	#store;

package/build/{session_middleware-gegOBxmm.js → session_middleware-BoOMxNVH.js}

@@ -1,4 +1,4 @@
-import { t as Session } from "./session-C9DdRahS.js";
+import { t as Session } from "./session-Dd5u7w5Y.js";
 import { ExceptionHandler } from "@adonisjs/core/http";
 const originalErrorHandler = ExceptionHandler.prototype.renderValidationErrorAsHTML;
 ExceptionHandler.macro("renderValidationErrorAsHTML", async function(error, ctx) {

package/build/src/session.d.ts

@@ -73,6 +73,8 @@ export declare class Session extends Macroable {
      * @param ctx - HTTP context
      */
     constructor(config: SessionConfig, storeFactory: SessionStoreFactory, emitter: EmitterService, ctx: HttpContext);
+    protected shouldFlashValue(value: unknown): unknown;
+    protected cleanupFlashData<T>(data: T): T | Record<string, any>;
     /**
      * Initiates the session store. The method results in a noop when called multiple times.
      *

package/build/src/session_middleware.js

@@ -1,5 +1,5 @@
-import "../session-C9DdRahS.js";
+import "../session-Dd5u7w5Y.js";
 import "../debug-BZVg83L1.js";
 import "../values_store-CvR1Sn37.js";
-import { t as SessionMiddleware } from "../session_middleware-gegOBxmm.js";
+import { t as SessionMiddleware } from "../session_middleware-BoOMxNVH.js";
 export { SessionMiddleware as default };

package/build/src/stores/database.d.ts

@@ -60,7 +60,8 @@ export declare class DatabaseStore implements SessionStoreWithTaggingContract {
      * @param sessionId - Session identifier
      * @param userId - User identifier to tag the session with
      */
-    tag(sessionId: string, userId: string): Promise<void>;
+    tag(sessionId: string, userId: string | number): Promise<void>;
+    untag(sessionId: string, userId: string | number): Promise<void>;
     /**
      * Get all sessions for a given user ID (tag)
      *

package/build/src/stores/memory.d.ts

@@ -64,7 +64,14 @@ export declare class MemoryStore implements SessionStoreWithTaggingContract {
      * @param sessionId - Session identifier
      * @param userId - User identifier to tag the session with
      */
-    tag(sessionId: string, userId: string): void;
+    tag(sessionId: string, userId: string | number): void;
+    /**
+     * Untag a session from a user ID
+     *
+     * @param sessionId - Session identifier
+     * @param userId - User identifier (unused in memory store, as sessionId uniquely identifies the tag)
+     */
+    untag(sessionId: string, _userId: string | number): void;
     /**
      * Get all sessions for a given user ID (tag)
      *

package/build/src/stores/redis.d.ts

@@ -67,7 +67,14 @@ export declare class RedisStore implements SessionStoreWithTaggingContract {
      * @param sessionId - Session identifier
      * @param userId - User identifier to tag the session with
      */
-    tag(sessionId: string, userId: string): Promise<void>;
+    tag(sessionId: string, userId: string | number): Promise<void>;
+    /**
+     * Untag a session from a user ID
+     *
+     * @param sessionId - Session identifier
+     * @param userId - User identifier to untag the session from
+     */
+    untag(sessionId: string, userId: string | number): Promise<void>;
     /**
      * Get all sessions for a given user ID (tag)
      *

package/build/src/types.d.ts

@@ -84,6 +84,40 @@ export interface SessionStoreContract {
      */
     touch(sessionId: string): Promise<void> | void;
 }
+/**
+ * Extended session store contract that supports tagging sessions with user IDs.
+ * This enables querying all sessions for a specific user, useful for features
+ * like "logout from all devices" or "view active sessions".
+ *
+ * @example
+ * class MyStore implements SessionStoreWithTaggingContract {
+ *   // ... base SessionStoreContract methods ...
+ *
+ *   async tag(sessionId: string, userId: string) {
+ *     await this.storage.tag(sessionId, userId)
+ *   }
+ *
+ *   async tagged(userId: string) {
+ *     return await this.storage.getSessionsByUser(userId)
+ *   }
+ * }
+ */
+export interface SessionStoreWithTaggingContract extends SessionStoreContract {
+    /**
+     * Associates a session with a user ID (tag).
+     * This allows querying all sessions for a specific user.
+     */
+    tag(sessionId: string, userId: string | number): Promise<void> | void;
+    /**
+     * Dissociate a session from the user ID (tag).
+     */
+    untag(sessionId: string, userId: string | number): Promise<void> | void;
+    /**
+     * Returns all sessions associated with a given user ID (tag).
+     * Only returns non-expired sessions.
+     */
+    tagged(userId: string | number): Promise<TaggedSession[]> | TaggedSession[];
+}
 /**
  * Base configuration interface for session management.
  * Used by the session manager and middleware to control session behavior.
@@ -210,36 +244,6 @@ export type DynamoDBStoreConfig = ({
  * }
  */
 export type SessionStoreFactory = (ctx: HttpContext, sessionConfig: SessionConfig) => SessionStoreContract;
-/**
- * Extended session store contract that supports tagging sessions with user IDs.
- * This enables querying all sessions for a specific user, useful for features
- * like "logout from all devices" or "view active sessions".
- *
- * @example
- * class MyStore implements SessionStoreWithTaggingContract {
- *   // ... base SessionStoreContract methods ...
- *
- *   async tag(sessionId: string, userId: string) {
- *     await this.storage.tag(sessionId, userId)
- *   }
- *
- *   async tagged(userId: string) {
- *     return await this.storage.getSessionsByUser(userId)
- *   }
- * }
- */
-export interface SessionStoreWithTaggingContract extends SessionStoreContract {
-    /**
-     * Associates a session with a user ID (tag).
-     * This allows querying all sessions for a specific user.
-     */
-    tag(sessionId: string, userId: string): Promise<void> | void;
-    /**
-     * Returns all sessions associated with a given user ID (tag).
-     * Only returns non-expired sessions.
-     */
-    tagged(userId: string): Promise<TaggedSession[]> | TaggedSession[];
-}
 /**
  * Represents a tagged session with its ID and data
  */

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@adonisjs/session",
   "description": "Session provider for AdonisJS",
-  "version": "8.0.0-next.2",
+  "version": "8.0.0-next.4",
   "engines": {
     "node": ">=24.0.0"
   },
@@ -44,50 +44,50 @@
     "quick:test": "node --import=@poppinss/ts-exec --enable-source-maps bin/test.ts"
   },
   "devDependencies": {
-    "@adonisjs/assembler": "^8.0.0-next.26",
-    "@adonisjs/core": "^7.0.0-next.16",
-    "@adonisjs/eslint-config": "^3.0.0-next.5",
+    "@adonisjs/assembler": "^8.0.0-next.31",
+    "@adonisjs/core": "^7.0.0-next.27",
+    "@adonisjs/eslint-config": "^3.0.0-next.9",
     "@adonisjs/i18n": "^3.0.0-next.2",
-    "@adonisjs/lucid": "^22.0.0-next.0",
+    "@adonisjs/lucid": "^22.0.0-next.7",
     "@adonisjs/prettier-config": "^1.4.5",
     "@adonisjs/redis": "^10.0.0-next.2",
     "@adonisjs/tsconfig": "^2.0.0-next.3",
-    "@aws-sdk/client-dynamodb": "^3.955.0",
-    "@aws-sdk/util-dynamodb": "^3.955.0",
-    "@japa/api-client": "^3.1.1",
+    "@aws-sdk/client-dynamodb": "^3.980.0",
+    "@aws-sdk/util-dynamodb": "^3.980.0",
+    "@japa/api-client": "^3.2.1",
     "@japa/assert": "^4.2.0",
-    "@japa/browser-client": "^2.2.0",
+    "@japa/browser-client": "^2.3.0",
     "@japa/file-system": "^3.0.0",
-    "@japa/plugin-adonisjs": "^5.1.0-next.0",
-    "@japa/runner": "^5.0.0",
+    "@japa/plugin-adonisjs": "^5.1.0-next.1",
+    "@japa/runner": "^5.3.0",
     "@japa/snapshot": "^2.0.10",
-    "@poppinss/ts-exec": "^1.4.1",
+    "@poppinss/ts-exec": "^1.4.3",
     "@release-it/conventional-changelog": "^10.0.4",
-    "@types/node": "^25.0.3",
+    "@types/node": "^25.1.0",
     "@types/set-cookie-parser": "^2.4.10",
     "@types/supertest": "^6.0.3",
     "@vinejs/vine": "^4.2.0",
+    "better-sqlite3": "^12.6.2",
     "c8": "^10.1.3",
     "copyfiles": "^2.4.1",
-    "better-sqlite3": "^12.5.0",
-    "mysql2": "^3.15.3",
-    "pg": "^8.16.3",
     "cross-env": "^10.1.0",
     "edge.js": "^6.4.0",
     "eslint": "^9.39.2",
     "get-port": "^7.1.0",
-    "playwright": "^1.57.0",
-    "prettier": "^3.7.4",
-    "release-it": "^19.1.0",
-    "set-cookie-parser": "^2.7.2",
-    "supertest": "^7.1.4",
-    "tsdown": "^0.18.1",
-    "typedoc": "^0.28.15",
+    "mysql2": "^3.16.2",
+    "pg": "^8.18.0",
+    "playwright": "^1.58.1",
+    "prettier": "^3.8.1",
+    "release-it": "^19.2.4",
+    "set-cookie-parser": "^3.0.1",
+    "supertest": "^7.2.2",
+    "tsdown": "^0.20.1",
+    "typedoc": "^0.28.16",
     "typescript": "^5.9.3"
   },
   "dependencies": {
     "@poppinss/macroable": "^1.1.0",
-    "@poppinss/utils": "^7.0.0-next.4"
+    "@poppinss/utils": "^7.0.0-next.6"
   },
   "peerDependencies": {
     "@adonisjs/assembler": "^8.0.0-next.26",