@prairielearn/session 3.0.10 → 3.0.12

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @prairielearn/session
 
+## 3.0.12
+
+### Patch Changes
+
+- 984dc62: Upgrade all JavaScript dependencies
+
+## 3.0.11
+
+### Patch Changes
+
+- 49bb3fa: Upgrade all JavaScript dependencies
+
 ## 3.0.10
 
 ### Patch Changes

package/dist/before-end.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"before-end.test.js","sourceRoot":"","sources":["../src/before-end.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAC9B,OAAO,OAAO,EAAE,EAAkD,MAAM,SAAS,CAAC;AAClF,OAAO,KAAK,MAAM,YAAY,CAAC;AAE/B,OAAO,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAE9D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YAC1B,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE;gBAC9B,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;YAC1B,CAAC,CAAC,CAAC;YAEH,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QAEjD,IAAI,KAAK,GAAiB,IAAI,CAAC;QAC/B,GAAG,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,IAAa,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YACtE,KAAK,GAAG,GAAG,CAAC;YACZ,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,MAAM,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;YACtC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;YAE7B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import { assert } from 'chai';\nimport express, { type Request, type Response, type NextFunction } from 'express';\nimport fetch from 'node-fetch';\n\nimport { withServer } from '@prairielearn/express-test-utils';\n\nimport { beforeEnd } from './before-end.js';\n\ndescribe('beforeEnd', () => {\n  it('handles errors correctly', async () => {\n    const app = express();\n    app.use((_req, res, next) => {\n      beforeEnd(res, next, async () => {\n        throw new Error('oops');\n      });\n\n      next();\n    });\n\n    app.get('/', (_req, res) => res.sendStatus(200));\n\n    let error: Error | null = null;\n    app.use((err: any, _req: Request, _res: Response, next: NextFunction) => {\n      error = err;\n      next();\n    });\n\n    await withServer(app, async ({ url }) => {\n      const res = await fetch(url);\n\n      assert.equal(res.status, 200);\n      assert.equal(error?.message, 'oops');\n    });\n  });\n});\n"]}
+{"version":3,"file":"before-end.test.js","sourceRoot":"","sources":["../src/before-end.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AAC9B,OAAO,OAAO,EAAE,EAAkD,MAAM,SAAS,CAAC;AAClF,OAAO,KAAK,MAAM,YAAY,CAAC;AAE/B,OAAO,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAE9D,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;QACxC,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YAC1B,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE;gBAC9B,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;YAC1B,CAAC,CAAC,CAAC;YAEH,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QAEjD,IAAI,KAAK,GAAiB,IAAI,CAAC;QAC/B,GAAG,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,IAAa,EAAE,IAAc,EAAE,IAAkB,EAAE,EAAE;YACtE,KAAK,GAAG,GAAG,CAAC;YACZ,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,MAAM,UAAU,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE;YACtC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;YAE7B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import { assert } from 'chai';\nimport express, { type NextFunction, type Request, type Response } from 'express';\nimport fetch from 'node-fetch';\n\nimport { withServer } from '@prairielearn/express-test-utils';\n\nimport { beforeEnd } from './before-end.js';\n\ndescribe('beforeEnd', () => {\n  it('handles errors correctly', async () => {\n    const app = express();\n    app.use((_req, res, next) => {\n      beforeEnd(res, next, async () => {\n        throw new Error('oops');\n      });\n\n      next();\n    });\n\n    app.get('/', (_req, res) => res.sendStatus(200));\n\n    let error: Error | null = null;\n    app.use((err: any, _req: Request, _res: Response, next: NextFunction) => {\n      error = err;\n      next();\n    });\n\n    await withServer(app, async ({ url }) => {\n      const res = await fetch(url);\n\n      assert.equal(res.status, 200);\n      assert.equal(error?.message, 'oops');\n    });\n  });\n});\n"]}

package/dist/index.js

@@ -3,8 +3,8 @@ import signature from 'cookie-signature';
 import asyncHandler from 'express-async-handler';
 import onHeaders from 'on-headers';
 import { beforeEnd } from './before-end.js';
-import { shouldSecureCookie, getSessionIdFromCookie } from './cookie.js';
-import { generateSessionId, loadSession, hashSession, truncateExpirationDate, } from './session.js';
+import { getSessionIdFromCookie, shouldSecureCookie } from './cookie.js';
+import { generateSessionId, hashSession, loadSession, truncateExpirationDate, } from './session.js';
 import {} from './store.js';
 const DEFAULT_COOKIE_NAME = 'session';
 const DEFAULT_COOKIE_MAX_AGE = 86400000; // 1 day

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,SAAS,MAAM,kBAAkB,CAAC;AAEzC,OAAO,YAAY,MAAM,uBAAuB,CAAC;AACjD,OAAO,SAAS,MAAM,YAAY,CAAC;AAEnC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAqB,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAC5F,OAAO,EAEL,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,sBAAsB,GACvB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAqB,MAAM,YAAY,CAAC;AA4C/C,MAAM,mBAAmB,GAAG,SAAS,CAAC;AACtC,MAAM,sBAAsB,GAAG,QAAQ,CAAC,CAAC,QAAQ;AAEjD,MAAM,UAAU,uBAAuB,CAAC,OAAuB;IAC7D,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,mBAAmB,CAAC;IAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,sBAAsB,CAAC;IACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAE5B,6EAA6E;IAC7E,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM,EAAE,UAAU,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,CAAC,MAAM,EAAE,cAAc,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IACD,IACE,OAAO,CAAC,MAAM,EAAE,cAAc;QAC9B,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM,EAChE,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,YAAY,CAAC,KAAK,UAAU,iBAAiB,CAClD,GAAY,EACZ,GAAa,EACb,IAAkB;QAElB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1C,MAAM,eAAe,GAAG,sBAAsB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,eAAe,IAAI,CAAC,MAAM,iBAAiB,EAAE,CAAC,CAAC;QACjE,GAAG,CAAC,OAAO,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;QAErE,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,sBAAsB,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAE/D,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE;YAClB,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,IAAI,eAAe,EAAE,CAAC;oBACpB,mEAAmE;oBACnE,+BAA+B;oBAC/B,EAAE;oBACF,qEAAqE;oBACrE,0EAA0E;oBAC1E,sEAAsE;oBACtE,uEAAuE;oBACvE,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE;wBACzC,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;wBAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC;wBACrF,IAAI,MAAM,EAAE,CAAC;4BACX,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;wBAClE,CAAC;oBACH,CAAC,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,2CAA2C;gBAC3C,OAAO;YACT,CAAC;YAED,MAAM,YAAY,GAAG,kBAAkB,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,CAAC;YAC/E,IAAI,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBAC7C,iDAAiD;gBACjD,OAAO;YACT,CAAC;YAED,mEAAmE;YACnE,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;YACpF,MAAM,YAAY,GAAG,CAAC,eAAe,IAAI,eAAe,KAAK,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5E,MAAM,mBAAmB,GACvB,sBAAsB,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,OAAO,EAAE,CAAC;YACjF,IAAI,YAAY,IAAI,mBAAmB,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC1D,MAAM,eAAe,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE;oBACzC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,eAAe,EAAE;wBACtC,MAAM,EAAE,YAAY;wBACpB,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,IAAI;wBAC1C,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM;wBAC9B,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,KAAK;wBAC3C,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE;wBACxC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;qBAC/C,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,gBAAgB,GAAG,KAAK,CAAC;QAE7B,KAAK,UAAU,cAAc,CAAC,GAAY;YACxC,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,gBAAgB,EAAE,CAAC;gBACrC,2CAA2C;gBAC3C,OAAO;YACT,CAAC;YAED,gBAAgB,GAAG,IAAI,CAAC;YAExB,sEAAsE;YACtE,gEAAgE;YAChE,EAAE;YACF,yEAAyE;YACzE,wEAAwE;YACxE,wEAAwE;YACxE,mDAAmD;YACnD,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,YAAY,CAAC;YAC9D,MAAM,iBAAiB,GACrB,sBAAsB,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,OAAO,EAAE,CAAC;YACjF,IAAI,WAAW,IAAI,iBAAiB,EAAE,CAAC;gBACrC,MAAM,KAAK,CAAC,GAAG,CACb,GAAG,CAAC,OAAO,CAAC,EAAE,EACd,GAAG,CAAC,OAAO;gBACX,sEAAsE;gBACtE,oEAAoE;gBACpE,sBAAsB;gBACtB,sBAAsB,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CACxD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,qDAAqD;QACrD,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE;YAC9B,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,0EAA0E;QAC1E,0EAA0E;QAC1E,yEAAyE;QACzE,0EAA0E;QAC1E,2EAA2E;QAC3E,mCAAmC;QACnC,MAAM,gBAAgB,GAAG,GAAG,CAAC,QAAe,CAAC;QAC7C,GAAG,CAAC,QAAQ,GAAG,SAAS,QAAQ,CAAC,GAAG,IAAW;YAC7C,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,CACtB,GAAG,EAAE,CAAC,gBAAgB,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,EACvC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC;QAEF,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB,EAAE,MAAc;IACtD,OAAO,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC","sourcesContent":["import cookie from 'cookie';\nimport signature from 'cookie-signature';\nimport type { Request, Response, NextFunction } from 'express';\nimport asyncHandler from 'express-async-handler';\nimport onHeaders from 'on-headers';\n\nimport { beforeEnd } from './before-end.js';\nimport { type CookieSecure, shouldSecureCookie, getSessionIdFromCookie } from './cookie.js';\nimport {\n  type Session,\n  generateSessionId,\n  loadSession,\n  hashSession,\n  truncateExpirationDate,\n} from './session.js';\nimport { type SessionStore } from './store.js';\n\ndeclare global {\n  // eslint-disable-next-line @typescript-eslint/no-namespace\n  namespace Express {\n    interface Request {\n      session: Session;\n    }\n  }\n}\n\ninterface CookieOptions {\n  secure?: CookieSecure;\n  httpOnly?: boolean;\n  domain?: string;\n  sameSite?: boolean | 'none' | 'lax' | 'strict';\n  maxAge?: number;\n}\n\nexport interface SessionOptions {\n  secret: string | string[];\n  store: SessionStore;\n  cookie?: CookieOptions & {\n    /**\n     * The name of the session cookie. The session is always read from this\n     * named cookie, but it may be written to multiple cookies if `writeNames`\n     * is provided.\n     */\n    name?: string;\n    /**\n     * Multiple write names can be provided to allow for a session cookie to be\n     * written to multiple names. This can be useful for a migration of a cookie\n     * to an explicit subdomain, for example.\n     */\n    writeNames?: string[];\n    /**\n     * Used with `writeNames` to provide additional options for each written cookie.\n     */\n    writeOverrides?: Omit<CookieOptions, 'secure'>[];\n  };\n}\n\nexport type { SessionStore };\n\nconst DEFAULT_COOKIE_NAME = 'session';\nconst DEFAULT_COOKIE_MAX_AGE = 86400000; // 1 day\n\nexport function createSessionMiddleware(options: SessionOptions) {\n  const secrets = Array.isArray(options.secret) ? options.secret : [options.secret];\n  const cookieName = options.cookie?.name ?? DEFAULT_COOKIE_NAME;\n  const cookieMaxAge = options.cookie?.maxAge ?? DEFAULT_COOKIE_MAX_AGE;\n  const store = options.store;\n\n  // Ensure that the session cookie that we're reading from will be written to.\n  const writeCookieNames = options.cookie?.writeNames ?? [cookieName];\n  if (!writeCookieNames.includes(cookieName)) {\n    throw new Error('cookie.name must be included in cookie.writeNames');\n  }\n\n  // Validate write overrides.\n  if (options.cookie?.writeOverrides && !options.cookie.writeNames) {\n    throw new Error('cookie.writeOverrides must be used with cookie.writeNames');\n  }\n  if (\n    options.cookie?.writeOverrides &&\n    options.cookie.writeOverrides.length !== writeCookieNames.length\n  ) {\n    throw new Error('cookie.writeOverrides must have the same length as cookie.writeNames');\n  }\n\n  return asyncHandler(async function sessionMiddleware(\n    req: Request,\n    res: Response,\n    next: NextFunction,\n  ) {\n    const cookies = cookie.parse(req.headers.cookie ?? '');\n    const sessionCookie = cookies[cookieName];\n    const cookieSessionId = getSessionIdFromCookie(sessionCookie, secrets);\n    const sessionId = cookieSessionId ?? (await generateSessionId());\n    req.session = await loadSession(sessionId, req, store, cookieMaxAge);\n\n    const originalHash = hashSession(req.session);\n    const originalExpirationDate = req.session.getExpirationDate();\n\n    onHeaders(res, () => {\n      if (!req.session) {\n        if (cookieSessionId) {\n          // If the request arrived with a session cookie but the session was\n          // destroyed, clear the cookie.\n          //\n          // To cover all our bases, we'll clear *all* known session cookies to\n          // ensure that state sessions aren't left behind. We'll also send commands\n          // to clear the cookies both on and off the explicit domain, to handle\n          // the case where the application has moved from one domain to another.\n          writeCookieNames.forEach((cookieName, i) => {\n            res.clearCookie(cookieName);\n            const domain = options.cookie?.writeOverrides?.[i]?.domain ?? options.cookie?.domain;\n            if (domain) {\n              res.clearCookie(cookieName, { domain: options.cookie?.domain });\n            }\n          });\n          return;\n        }\n\n        // There is no session to do anything with.\n        return;\n      }\n\n      const secureCookie = shouldSecureCookie(req, options.cookie?.secure ?? 'auto');\n      if (secureCookie && req.protocol !== 'https') {\n        // Avoid sending cookie over insecure connection.\n        return;\n      }\n\n      // Ensure that all known session cookies are set to the same value.\n      const hasAllCookies = writeCookieNames.every((cookieName) => !!cookies[cookieName]);\n      const isNewSession = !cookieSessionId || cookieSessionId !== req.session.id;\n      const didExpirationChange =\n        originalExpirationDate.getTime() !== req.session.getExpirationDate().getTime();\n      if (isNewSession || didExpirationChange || !hasAllCookies) {\n        const signedSessionId = signSessionId(req.session.id, secrets[0]);\n        writeCookieNames.forEach((cookieName, i) => {\n          res.cookie(cookieName, signedSessionId, {\n            secure: secureCookie,\n            httpOnly: options.cookie?.httpOnly ?? true,\n            domain: options.cookie?.domain,\n            sameSite: options.cookie?.sameSite ?? false,\n            expires: req.session.getExpirationDate(),\n            ...(options.cookie?.writeOverrides?.[i] ?? {}),\n          });\n        });\n      }\n    });\n\n    let sessionPersisted = false;\n\n    async function persistSession(req: Request) {\n      if (!req.session || sessionPersisted) {\n        // There is no session to do anything with.\n        return;\n      }\n\n      sessionPersisted = true;\n\n      // If this is a new session, we would have already persisted it to the\n      // store, so we don't need to take that into consideration here.\n      //\n      // If the hash of the session data changed, we'll unconditionally persist\n      // the updated data to the store. However, if the hash didn't change, we\n      // only want to persist it if the expiration changed *and* if we can set\n      // a cookie to reflect the updated expiration date.\n      const hashChanged = hashSession(req.session) !== originalHash;\n      const expirationChanged =\n        originalExpirationDate.getTime() !== req.session.getExpirationDate().getTime();\n      if (hashChanged || expirationChanged) {\n        await store.set(\n          req.session.id,\n          req.session,\n          // Cookies only support second-level resolution. To ensure consistency\n          // between the cookie and the store, truncate the expiration date to\n          // the nearest second.\n          truncateExpirationDate(req.session.getExpirationDate()),\n        );\n      }\n    }\n\n    // We'll attempt to persist the session at the end of the request. This\n    // hacky strategy is borrowed from `express-session`.\n    beforeEnd(res, next, async () => {\n      await persistSession(req);\n    });\n\n    // We'll also attempt to persist the session before performing a redirect.\n    // This is necessary because browsers and `fetch()` implementations aren't\n    // required to wait for a response body to be received before following a\n    // redirect. So, we need to make sure that the session is persisted before\n    // we send the redirect response. This way, the subsequent GET will be able\n    // to load the latest session data.\n    const originalRedirect = res.redirect as any;\n    res.redirect = function redirect(...args: any[]) {\n      persistSession(req).then(\n        () => originalRedirect.apply(res, args),\n        (err) => next(err),\n      );\n    };\n\n    next();\n  });\n}\n\nfunction signSessionId(sessionId: string, secret: string): string {\n  return signature.sign(sessionId, secret);\n}\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,SAAS,MAAM,kBAAkB,CAAC;AAEzC,OAAO,YAAY,MAAM,uBAAuB,CAAC;AACjD,OAAO,SAAS,MAAM,YAAY,CAAC;AAEnC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAqB,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC5F,OAAO,EAEL,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,sBAAsB,GACvB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAqB,MAAM,YAAY,CAAC;AA4C/C,MAAM,mBAAmB,GAAG,SAAS,CAAC;AACtC,MAAM,sBAAsB,GAAG,QAAQ,CAAC,CAAC,QAAQ;AAEjD,MAAM,UAAU,uBAAuB,CAAC,OAAuB;IAC7D,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,mBAAmB,CAAC;IAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,sBAAsB,CAAC;IACtE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAE5B,6EAA6E;IAC7E,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM,EAAE,UAAU,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3C,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,CAAC,MAAM,EAAE,cAAc,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IACD,IACE,OAAO,CAAC,MAAM,EAAE,cAAc;QAC9B,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,KAAK,gBAAgB,CAAC,MAAM,EAChE,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,YAAY,CAAC,KAAK,UAAU,iBAAiB,CAClD,GAAY,EACZ,GAAa,EACb,IAAkB;QAElB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1C,MAAM,eAAe,GAAG,sBAAsB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,eAAe,IAAI,CAAC,MAAM,iBAAiB,EAAE,CAAC,CAAC;QACjE,GAAG,CAAC,OAAO,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;QAErE,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9C,MAAM,sBAAsB,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAE/D,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE;YAClB,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;gBACjB,IAAI,eAAe,EAAE,CAAC;oBACpB,mEAAmE;oBACnE,+BAA+B;oBAC/B,EAAE;oBACF,qEAAqE;oBACrE,0EAA0E;oBAC1E,sEAAsE;oBACtE,uEAAuE;oBACvE,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE;wBACzC,GAAG,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;wBAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,IAAI,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC;wBACrF,IAAI,MAAM,EAAE,CAAC;4BACX,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;wBAClE,CAAC;oBACH,CAAC,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBAED,2CAA2C;gBAC3C,OAAO;YACT,CAAC;YAED,MAAM,YAAY,GAAG,kBAAkB,CAAC,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,CAAC;YAC/E,IAAI,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;gBAC7C,iDAAiD;gBACjD,OAAO;YACT,CAAC;YAED,mEAAmE;YACnE,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC;YACpF,MAAM,YAAY,GAAG,CAAC,eAAe,IAAI,eAAe,KAAK,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5E,MAAM,mBAAmB,GACvB,sBAAsB,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,OAAO,EAAE,CAAC;YACjF,IAAI,YAAY,IAAI,mBAAmB,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC1D,MAAM,eAAe,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,gBAAgB,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE;oBACzC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,eAAe,EAAE;wBACtC,MAAM,EAAE,YAAY;wBACpB,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,IAAI;wBAC1C,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,MAAM;wBAC9B,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,QAAQ,IAAI,KAAK;wBAC3C,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE;wBACxC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;qBAC/C,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,gBAAgB,GAAG,KAAK,CAAC;QAE7B,KAAK,UAAU,cAAc,CAAC,GAAY;YACxC,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,gBAAgB,EAAE,CAAC;gBACrC,2CAA2C;gBAC3C,OAAO;YACT,CAAC;YAED,gBAAgB,GAAG,IAAI,CAAC;YAExB,sEAAsE;YACtE,gEAAgE;YAChE,EAAE;YACF,yEAAyE;YACzE,wEAAwE;YACxE,wEAAwE;YACxE,mDAAmD;YACnD,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,YAAY,CAAC;YAC9D,MAAM,iBAAiB,GACrB,sBAAsB,CAAC,OAAO,EAAE,KAAK,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,OAAO,EAAE,CAAC;YACjF,IAAI,WAAW,IAAI,iBAAiB,EAAE,CAAC;gBACrC,MAAM,KAAK,CAAC,GAAG,CACb,GAAG,CAAC,OAAO,CAAC,EAAE,EACd,GAAG,CAAC,OAAO;gBACX,sEAAsE;gBACtE,oEAAoE;gBACpE,sBAAsB;gBACtB,sBAAsB,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CACxD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,qDAAqD;QACrD,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,IAAI,EAAE;YAC9B,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,0EAA0E;QAC1E,0EAA0E;QAC1E,yEAAyE;QACzE,0EAA0E;QAC1E,2EAA2E;QAC3E,mCAAmC;QACnC,MAAM,gBAAgB,GAAG,GAAG,CAAC,QAAe,CAAC;QAC7C,GAAG,CAAC,QAAQ,GAAG,SAAS,QAAQ,CAAC,GAAG,IAAW;YAC7C,cAAc,CAAC,GAAG,CAAC,CAAC,IAAI,CACtB,GAAG,EAAE,CAAC,gBAAgB,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,EACvC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CACnB,CAAC;QACJ,CAAC,CAAC;QAEF,IAAI,EAAE,CAAC;IACT,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB,EAAE,MAAc;IACtD,OAAO,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC","sourcesContent":["import cookie from 'cookie';\nimport signature from 'cookie-signature';\nimport type { NextFunction, Request, Response } from 'express';\nimport asyncHandler from 'express-async-handler';\nimport onHeaders from 'on-headers';\n\nimport { beforeEnd } from './before-end.js';\nimport { type CookieSecure, getSessionIdFromCookie, shouldSecureCookie } from './cookie.js';\nimport {\n  type Session,\n  generateSessionId,\n  hashSession,\n  loadSession,\n  truncateExpirationDate,\n} from './session.js';\nimport { type SessionStore } from './store.js';\n\ndeclare global {\n  // eslint-disable-next-line @typescript-eslint/no-namespace\n  namespace Express {\n    interface Request {\n      session: Session;\n    }\n  }\n}\n\ninterface CookieOptions {\n  secure?: CookieSecure;\n  httpOnly?: boolean;\n  domain?: string;\n  sameSite?: boolean | 'none' | 'lax' | 'strict';\n  maxAge?: number;\n}\n\nexport interface SessionOptions {\n  secret: string | string[];\n  store: SessionStore;\n  cookie?: CookieOptions & {\n    /**\n     * The name of the session cookie. The session is always read from this\n     * named cookie, but it may be written to multiple cookies if `writeNames`\n     * is provided.\n     */\n    name?: string;\n    /**\n     * Multiple write names can be provided to allow for a session cookie to be\n     * written to multiple names. This can be useful for a migration of a cookie\n     * to an explicit subdomain, for example.\n     */\n    writeNames?: string[];\n    /**\n     * Used with `writeNames` to provide additional options for each written cookie.\n     */\n    writeOverrides?: Omit<CookieOptions, 'secure'>[];\n  };\n}\n\nexport type { SessionStore };\n\nconst DEFAULT_COOKIE_NAME = 'session';\nconst DEFAULT_COOKIE_MAX_AGE = 86400000; // 1 day\n\nexport function createSessionMiddleware(options: SessionOptions) {\n  const secrets = Array.isArray(options.secret) ? options.secret : [options.secret];\n  const cookieName = options.cookie?.name ?? DEFAULT_COOKIE_NAME;\n  const cookieMaxAge = options.cookie?.maxAge ?? DEFAULT_COOKIE_MAX_AGE;\n  const store = options.store;\n\n  // Ensure that the session cookie that we're reading from will be written to.\n  const writeCookieNames = options.cookie?.writeNames ?? [cookieName];\n  if (!writeCookieNames.includes(cookieName)) {\n    throw new Error('cookie.name must be included in cookie.writeNames');\n  }\n\n  // Validate write overrides.\n  if (options.cookie?.writeOverrides && !options.cookie.writeNames) {\n    throw new Error('cookie.writeOverrides must be used with cookie.writeNames');\n  }\n  if (\n    options.cookie?.writeOverrides &&\n    options.cookie.writeOverrides.length !== writeCookieNames.length\n  ) {\n    throw new Error('cookie.writeOverrides must have the same length as cookie.writeNames');\n  }\n\n  return asyncHandler(async function sessionMiddleware(\n    req: Request,\n    res: Response,\n    next: NextFunction,\n  ) {\n    const cookies = cookie.parse(req.headers.cookie ?? '');\n    const sessionCookie = cookies[cookieName];\n    const cookieSessionId = getSessionIdFromCookie(sessionCookie, secrets);\n    const sessionId = cookieSessionId ?? (await generateSessionId());\n    req.session = await loadSession(sessionId, req, store, cookieMaxAge);\n\n    const originalHash = hashSession(req.session);\n    const originalExpirationDate = req.session.getExpirationDate();\n\n    onHeaders(res, () => {\n      if (!req.session) {\n        if (cookieSessionId) {\n          // If the request arrived with a session cookie but the session was\n          // destroyed, clear the cookie.\n          //\n          // To cover all our bases, we'll clear *all* known session cookies to\n          // ensure that state sessions aren't left behind. We'll also send commands\n          // to clear the cookies both on and off the explicit domain, to handle\n          // the case where the application has moved from one domain to another.\n          writeCookieNames.forEach((cookieName, i) => {\n            res.clearCookie(cookieName);\n            const domain = options.cookie?.writeOverrides?.[i]?.domain ?? options.cookie?.domain;\n            if (domain) {\n              res.clearCookie(cookieName, { domain: options.cookie?.domain });\n            }\n          });\n          return;\n        }\n\n        // There is no session to do anything with.\n        return;\n      }\n\n      const secureCookie = shouldSecureCookie(req, options.cookie?.secure ?? 'auto');\n      if (secureCookie && req.protocol !== 'https') {\n        // Avoid sending cookie over insecure connection.\n        return;\n      }\n\n      // Ensure that all known session cookies are set to the same value.\n      const hasAllCookies = writeCookieNames.every((cookieName) => !!cookies[cookieName]);\n      const isNewSession = !cookieSessionId || cookieSessionId !== req.session.id;\n      const didExpirationChange =\n        originalExpirationDate.getTime() !== req.session.getExpirationDate().getTime();\n      if (isNewSession || didExpirationChange || !hasAllCookies) {\n        const signedSessionId = signSessionId(req.session.id, secrets[0]);\n        writeCookieNames.forEach((cookieName, i) => {\n          res.cookie(cookieName, signedSessionId, {\n            secure: secureCookie,\n            httpOnly: options.cookie?.httpOnly ?? true,\n            domain: options.cookie?.domain,\n            sameSite: options.cookie?.sameSite ?? false,\n            expires: req.session.getExpirationDate(),\n            ...(options.cookie?.writeOverrides?.[i] ?? {}),\n          });\n        });\n      }\n    });\n\n    let sessionPersisted = false;\n\n    async function persistSession(req: Request) {\n      if (!req.session || sessionPersisted) {\n        // There is no session to do anything with.\n        return;\n      }\n\n      sessionPersisted = true;\n\n      // If this is a new session, we would have already persisted it to the\n      // store, so we don't need to take that into consideration here.\n      //\n      // If the hash of the session data changed, we'll unconditionally persist\n      // the updated data to the store. However, if the hash didn't change, we\n      // only want to persist it if the expiration changed *and* if we can set\n      // a cookie to reflect the updated expiration date.\n      const hashChanged = hashSession(req.session) !== originalHash;\n      const expirationChanged =\n        originalExpirationDate.getTime() !== req.session.getExpirationDate().getTime();\n      if (hashChanged || expirationChanged) {\n        await store.set(\n          req.session.id,\n          req.session,\n          // Cookies only support second-level resolution. To ensure consistency\n          // between the cookie and the store, truncate the expiration date to\n          // the nearest second.\n          truncateExpirationDate(req.session.getExpirationDate()),\n        );\n      }\n    }\n\n    // We'll attempt to persist the session at the end of the request. This\n    // hacky strategy is borrowed from `express-session`.\n    beforeEnd(res, next, async () => {\n      await persistSession(req);\n    });\n\n    // We'll also attempt to persist the session before performing a redirect.\n    // This is necessary because browsers and `fetch()` implementations aren't\n    // required to wait for a response body to be received before following a\n    // redirect. So, we need to make sure that the session is persisted before\n    // we send the redirect response. This way, the subsequent GET will be able\n    // to load the latest session data.\n    const originalRedirect = res.redirect as any;\n    res.redirect = function redirect(...args: any[]) {\n      persistSession(req).then(\n        () => originalRedirect.apply(res, args),\n        (err) => next(err),\n      );\n    };\n\n    next();\n  });\n}\n\nfunction signSessionId(sessionId: string, secret: string): string {\n  return signature.sign(sessionId, secret);\n}\n"]}

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "@prairielearn/session",
-  "version": "3.0.10",
+  "version": "3.0.12",
   "type": "module",
-  "main": "dist/index.js",
   "repository": {
     "type": "git",
     "url": "https://github.com/PrairieLearn/PrairieLearn.git",
     "directory": "packages/session"
   },
+  "main": "dist/index.js",
   "scripts": {
     "build": "tsc",
     "dev": "tsc --watch --preserveWatchOutput",
@@ -24,24 +24,24 @@
   "devDependencies": {
     "@prairielearn/express-test-utils": "^2.0.0",
     "@prairielearn/tsconfig": "^0.0.0",
-    "@types/chai": "^5.0.1",
+    "@types/chai": "^5.2.1",
     "@types/cookie": "^0.6.0",
     "@types/cookie-signature": "^1.1.2",
-    "@types/node": "^20.17.16",
+    "@types/node": "^20.17.28",
     "@types/node-fetch": "^2.6.12",
     "@types/on-headers": "^1.0.3",
     "@types/set-cookie-parser": "^2.4.10",
     "@types/uid-safe": "^2.1.5",
     "c8": "^10.1.3",
-    "chai": "^5.1.2",
+    "chai": "^5.2.0",
     "express": "^4.21.2",
     "fetch-cookie": "^3.1.0",
-    "mocha": "^10.8.2",
+    "mocha": "^11.1.0",
     "node-fetch": "^3.3.2",
     "set-cookie-parser": "^2.7.1",
     "source-map-support": "^0.5.21",
-    "tsx": "^4.19.2",
-    "typescript": "^5.7.3"
+    "tsx": "^4.19.3",
+    "typescript": "^5.8.2"
   },
   "c8": {
     "reporter": [

package/src/before-end.test.ts

@@ -1,5 +1,5 @@
 import { assert } from 'chai';
-import express, { type Request, type Response, type NextFunction } from 'express';
+import express, { type NextFunction, type Request, type Response } from 'express';
 import fetch from 'node-fetch';
 
 import { withServer } from '@prairielearn/express-test-utils';

package/src/index.ts

@@ -1,16 +1,16 @@
 import cookie from 'cookie';
 import signature from 'cookie-signature';
-import type { Request, Response, NextFunction } from 'express';
+import type { NextFunction, Request, Response } from 'express';
 import asyncHandler from 'express-async-handler';
 import onHeaders from 'on-headers';
 
 import { beforeEnd } from './before-end.js';
-import { type CookieSecure, shouldSecureCookie, getSessionIdFromCookie } from './cookie.js';
+import { type CookieSecure, getSessionIdFromCookie, shouldSecureCookie } from './cookie.js';
 import {
   type Session,
   generateSessionId,
-  loadSession,
   hashSession,
+  loadSession,
   truncateExpirationDate,
 } from './session.js';
 import { type SessionStore } from './store.js';