express-session-rethinkdb-esm 0.0.5 → 1.0.0

package/README.md

@@ -4,28 +4,28 @@
 
 Thank you to everyone writing `express-session` drivers out there for the boilerplate and inspiration.
 
-**Note**: Sessions are not vacuumed by the adapter like some of the others out there (`setInterval` and friends). Pull requests welcome :)
-
 ## Installation
 
 `npm install express-session-rethinkdb-esm --save`
 
 ## Constructor Options
 
-`client`: **Required** -- RethinkDB import.
+`client`: **Required** — RethinkDB import.
 
-`conn`: **Required** -- RethinkDB database connection.
+`connGetter`: **Required** — A function that returns the current RethinkDB connection. Called on every operation so the store always uses the live connection after a reconnect.
 
 `table`: RethinkDB table to store sessions in (default: `sessions`).
 
 `ttl`: Time in milliseconds to expire sessions (default: two weeks).
 
+`gcProbability`: Probability (0–1) that each `set()` call triggers a background sweep deleting all expired sessions (default: `0.01`). Set to `0` to disable.
+
 ## Usage
 
 ```javascript
 // rethinkdb
 import r from 'rethinkdb'
-const rc = await r.connect({ host })
+let rc = await r.connect({ host })
 
 // express
 import express from 'express'
@@ -33,24 +33,118 @@ import session from 'express-session'
 import _init_rdb_express_session_store from 'express-session-rethinkdb-esm'
 
 const app = express()
-const RethinkdbSessionStore = await _init_rdb_express_session_store({ session })
+const RethinkdbSessionStore = _init_rdb_express_session_store({ session })
 
 app.use( session({
-    store: new RethinkdbSessionStore({ client: r, conn: rc })
-})
+    store: new RethinkdbSessionStore({ client: r, connGetter: () => rc })
+}) )
 ```
 
-### Wait on Readiness
+### connGetter and Reconnection
 
-Using the `ready` property to wait for store initialization. Store will ensure the `table` table is created and has a secondary index for `expires` if not already.
+Pass a getter function rather than a static reference so the store always uses the current live connection:
 
 ```javascript
-// Thennable
-rethinkdbSessionStoreInstance.ready.then( async () => {
-    await rethinkdbSessionStoreInstance.vacuum()
-})
+let rc = await r.connect({ host })
+
+// reconnect handler — rc is reassigned on reconnect
+rc.on( 'close', async () => {
+    rc = await r.connect({ host })
+} )
 
+// store dereferences rc at call time — no manual patching needed
+const store = new RethinkdbSessionStore({ client: r, connGetter: () => rc })
+```
+
+### Wait on Readiness
+
+Use the `ready` property to wait for store initialization (table creation and index setup):
+
+```javascript
 // Async/Await
 await rethinkdbSessionStoreInstance.ready
-await rethinkdbSessionStoreInstance.vacuum()
-```
+```
+
+### Session Cleanup
+
+Expired sessions are cleaned up automatically:
+
+- **Lazy deletion**: When `get()` finds an expired session, it deletes it in the background before returning `null`.
+- **Probabilistic GC**: Each `set()` call has a `gcProbability` chance (default 1%) of sweeping all expired sessions. This handles abandoned sessions that are never read again.
+
+No timers or manual vacuum calls are required for normal operation.
+
+### `vacuum()` — Admin Escape Hatch
+
+`vacuum()` immediately deletes all expired sessions. Useful as a one-off maintenance operation (e.g. after upgrading from a version that had the broken vacuum query):
+
+```javascript
+await store.vacuum()
+```
+
+## Running Tests
+
+Integration tests run against a real RethinkDB instance. A dedicated `sessions_test` table is created and dropped automatically.
+
+```bash
+# start a throwaway RethinkDB
+docker run --rm -p 28015:28015 rethinkdb:2.4.3
+
+# install devDependencies and run tests
+npm install
+npm test
+
+# custom host/port
+RETHINKDB_HOST=myhost RETHINKDB_PORT=28015 npm test
+```
+
+## 1.0.0 Changelog
+
+**`conn` replaced by `connGetter`**
+
+Previously the constructor accepted a static connection reference. It now accepts a getter function that is called on every operation, so the store always uses the current live connection after a reconnect.
+
+```javascript
+// before
+new RethinkdbSessionStore({ client: r, conn: rc })
+
+// after
+new RethinkdbSessionStore({ client: r, connGetter: () => rc })
+```
+
+If you were manually patching the connection after reconnects (e.g. `store.conn = root_rc` in a reconnect handler), that workaround can be removed.
+
+**`vacuum()` query fixed**
+
+The previous implementation deleted sessions with `expires < (now - ttl)` instead of `expires < now`. Expired sessions were never actually cleaned up. The query now correctly deletes everything with an expiry in the past.
+
+**`set()` and `touch()` now surface errors without a callback**
+
+Previously, errors in `set()` and `touch()` were silently swallowed when called without a callback. They now throw, consistent with all other methods.
+
+**`destroy()` no longer crashes without a callback**
+
+Previously `destroy()` always called `cb( err )` unconditionally, throwing `TypeError: cb is not a function` if no callback was provided. Fixed.
+
+**New: lazy deletion on `get()`**
+
+When a session is found but has expired, it is deleted from the database in the background before returning `null`.
+
+**New: probabilistic GC on `set()` (default 1%)**
+
+On each `set()` call, there is a configurable probability (default `gcProbability: 0.01`) that a background sweep deletes all expired sessions. Set to `0` to disable.
+
+**Initialization errors now propagate via EventEmitter**
+
+Previously, if the DB was unreachable at startup, the constructor's internal `_init` call rejected silently (`UnhandledPromiseRejection`) and `store.ready` hung forever. Init errors now route through the standard Node.js error channel. Attach an `'error'` listener if you need to handle startup failures explicitly:
+
+```javascript
+store.on( 'error', err => {
+    console.error( 'Session store init failed:', err )
+    process.exit( 1 )
+} )
+```
+
+**Unknown constructor options no longer clobber internals**
+
+Previously all options were merged onto the instance via `Object.assign`, meaning any option key matching a class member (`_t`, `_init`, `ready`, `get`, `set`, etc.) would silently overwrite it. The constructor now extracts only the five known keys (`client`, `connGetter`, `table`, `ttl`, `gcProbability`). Unknown keys are ignored.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "express-session-rethinkdb-esm",
-  "version": "0.0.5",
+  "version": "1.0.0",
   "license": "MIT",
   "author": "Robert Sirois",
   "homepage": "https://github.com/rpsirois/express-session-rethinkdb-esm#readme",
@@ -15,7 +15,15 @@
   "exports": {
     ".": "./rdb-session.js"
   },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "scripts": {
+    "test": "node --test test/store.test.js"
+  },
   "dependencies": {},
-  "devDependencies": {},
-  "scripts": {}
+  "devDependencies": {
+    "rethinkdb": "^2.4.1",
+    "express-session": "^1.18.0"
+  }
 }

package/rdb-session.js

@@ -1,36 +1,50 @@
+function optionalCb( err, data, cb ) {
+    if ( cb ) return cb( err, data )
+    if ( err ) throw err
+    return data
+}
+
 const defaults = {
-    ttl: 1000 * 60 * 60 * 24 * 14 ,// 2 weeks
+    ttl: 1000 * 60 * 60 * 24 * 14, // 2 weeks
     table: 'sessions',
+    gcProbability: 0.01,
 }
 
-let r
-
 export default cfg => (
     class RethinkdbSessionStore extends cfg.session.Store {
         constructor( opt ) {
-            super(opt)
-            Object.assign(this, defaults, opt)
-            if (! this.client) throw new Error('RethinkdbSessionStore requires a client in setup options.')
-            if (! this.conn) throw new Error('RethinkdbSessionStore requires a connection in setup options.')
+            super( opt )
+            // Extract known keys only — prevents opt properties from clobbering class internals
+            this.client      = opt?.client
+            this.connGetter  = opt?.connGetter
+            this.table       = opt?.table       ?? defaults.table
+            this.ttl         = opt?.ttl         ?? defaults.ttl
+            this.gcProbability = opt?.gcProbability ?? defaults.gcProbability
+            if ( !this.client ) throw new Error( 'RethinkdbSessionStore requires a client in setup options.' )
+            if ( typeof this.connGetter !== 'function' ) throw new Error( 'RethinkdbSessionStore requires a connGetter function in setup options.' )
             let _p_then
             this.ready = new Promise( then => _p_then = then )
-            this.initDb( this.client, this.conn, _p_then )
+            // Forward init errors through EventEmitter so callers can attach an 'error' listener.
+            // Without this, a DB-unreachable startup causes UnhandledPromiseRejection and
+            // leaves this.ready hanging forever.
+            this._init( _p_then ).catch( err => this.emit( 'error', err ) )
         }
 
         getExpiry( cookie ) {
             return cookie?.expires
-                ? new Date(cookie.expires)
-                : new Date(Date.now() + this.ttl)
+                ? new Date( cookie.expires )
+                : new Date( Date.now() + this.ttl )
         }
 
-        async initDb( _r, rc, then ) {
-            r = _r
+        async _init( then ) {
+            const r = this.client
+            const rc = await this.connGetter()
             let { table } = this
 
             // table
             const existing_tables = new Set( await r.tableList().run( rc ) )
 
-            if ( !existing_tables.has( table ) ) await r.tableCreate( table ).run(rc)
+            if ( !existing_tables.has( table ) ) await r.tableCreate( table ).run( rc )
 
             const _t = this._t = r.table( table )
 
@@ -49,114 +63,122 @@ export default cfg => (
 
         async all( cb ) {
             try {
-                let result = await ( await this._t.run( this.conn ) ).toArray()
-                cb?.( null, result )
-                return result
-            } catch (err) {
-                if (!cb) throw err
-                cb(err)
+                const rc = await this.connGetter()
+                const result = await ( await this._t.run( rc ) ).toArray()
+                return optionalCb( null, result, cb )
+            } catch ( err ) {
+                return optionalCb( err, null, cb )
             }
         }
 
         async destroy( sid, cb ) {
             try {
-                let result = await this._t.get( sid )
+                const rc = await this.connGetter()
+                const result = await this._t.get( sid )
                     .delete()
-                    .run(this.conn)
-                cb?.(null, result)
-                return result
-            } catch (err) {
-                cb(err)
+                    .run( rc )
+                return optionalCb( null, result, cb )
+            } catch ( err ) {
+                return optionalCb( err, null, cb )
             }
         }
 
         async clear( cb ) {
             try {
-                let result = await this._t
+                const rc = await this.connGetter()
+                const result = await this._t
                     .delete()
-                    .run(this.conn)
-                cb?.( null, result )
-                return result
-            } catch (err) {
-                if (!cb) throw err
-                cb(err)
+                    .run( rc )
+                return optionalCb( null, result, cb )
+            } catch ( err ) {
+                return optionalCb( err, null, cb )
             }
         }
 
         async length( cb ) {
             try {
-                let result = await this._t
+                const rc = await this.connGetter()
+                const result = await this._t
                     .count()
-                    .run(this.conn)
-                cb?.( null, result )
-                return result
-            } catch (err) {
-                if (!cb) throw err
-                cb(err)
+                    .run( rc )
+                return optionalCb( null, result, cb )
+            } catch ( err ) {
+                return optionalCb( err, null, cb )
             }
         }
 
         async get( sid, cb ) {
             try {
-                let result = await this._t.get( sid )
-                    .run(this.conn)
-                result = !result ? null
-                    : Date.now() > result.expires.getTime() ? null
-                    : JSON.parse( result.session )
-                cb?.(null, result)
-                return result
-            } catch (err) {
-                if (!cb) throw err
-                cb(err)
+                const rc = await this.connGetter()
+                const row = await this._t.get( sid ).run( rc )
+
+                if ( !row ) return optionalCb( null, null, cb )
+
+                if ( Date.now() > row.expires.getTime() ) {
+                    this._t.get( sid ).delete().run( rc ).catch( () => {} )
+                    return optionalCb( null, null, cb )
+                }
+
+                const result = JSON.parse( row.session )
+                return optionalCb( null, result, cb )
+            } catch ( err ) {
+                return optionalCb( err, null, cb )
             }
         }
 
         async set( sid, session, cb ) {
             try {
-                let obj = {
+                const rc = await this.connGetter()
+                const obj = {
                     id: sid,
-                    session: JSON.stringify(session),
-                    expires: this.getExpiry(session?.cookie),
+                    session: JSON.stringify( session ),
+                    expires: this.getExpiry( session?.cookie ),
                 }
 
-                let ans = await this._t.get( sid )
+                await this._t.get( sid )
                     .replace( obj )
-                    .run( this.conn )
+                    .run( rc )
 
-                cb?.()
-            } catch (err) {
-                if (!cb) throw err
-                cb(err)
+                if ( this.gcProbability > 0 && Math.random() < this.gcProbability ) {
+                    const r = this.client
+                    this._t.between( r.minval, new Date(), { index: 'expires' } )
+                        .delete().run( rc ).catch( () => {} )
+                }
+
+                return optionalCb( null, null, cb )
+            } catch ( err ) {
+                return optionalCb( err, null, cb )
             }
         }
 
         async touch( sid, session, cb ) {
             try {
-                let obj = {
+                const rc = await this.connGetter()
+                const obj = {
                     expires: this.getExpiry( session?.cookie ),
                 }
 
-                let ans = await this._t.get( sid )
+                await this._t.get( sid )
                     .update( obj )
-                    .run( this.conn )
+                    .run( rc )
 
-                cb?.()
-            } catch (err) {
-                if (!cb) throw err
-                cb(err)
+                return optionalCb( null, null, cb )
+            } catch ( err ) {
+                return optionalCb( err, null, cb )
             }
         }
 
-        // custom functions (not part of the express-session Session Store Implementation)
-
-        // clear table of expired sessions
+        // Admin escape hatch — clears all expired sessions immediately.
+        // Not needed for normal operation (lazy deletion + probabilistic GC handle cleanup).
         async vacuum( cb ) {
             try {
-                await this._t.between( r.minval, new Date( Date.now() - this.ttl ), {index: 'expires'} ).delete().run( this.conn )
-                cb?.()
+                const r = this.client
+                const rc = await this.connGetter()
+                await this._t.between( r.minval, new Date(), { index: 'expires' } ).delete().run( rc )
+                return optionalCb( null, null, cb )
             } catch ( err ) {
-                if ( !cb ) throw err
-                cb( err )
+                return optionalCb( err, null, cb )
             }
         }
-    })
+    }
+)

package/test/store.test.js

@@ -0,0 +1,407 @@
+import { describe, it, before, after } from 'node:test'
+import assert from 'node:assert/strict'
+import r from 'rethinkdb'
+import session from 'express-session'
+import _init_store from '../rdb-session.js'
+
+const HOST = process.env.RETHINKDB_HOST ?? 'localhost'
+const PORT = parseInt( process.env.RETHINKDB_PORT ?? '28015', 10 )
+const TABLE = 'sessions_test'
+
+const RethinkdbSessionStore = _init_store({ session })
+
+let rc
+
+async function makeStore( opts = {} ) {
+    const store = new RethinkdbSessionStore({
+        client: r,
+        connGetter: () => rc,
+        table: TABLE,
+        gcProbability: 0,
+        ...opts,
+    })
+    await store.ready
+    return store
+}
+
+// Insert a row directly, bypassing the store (for setup / verification)
+async function insertRaw( row ) {
+    await r.table( TABLE ).insert( row, { conflict: 'replace' } ).run( rc )
+}
+
+async function getRaw( sid ) {
+    return r.table( TABLE ).get( sid ).run( rc )
+}
+
+before( async () => {
+    rc = await r.connect({ host: HOST, port: PORT })
+
+    // Drop and recreate the test table
+    const tables = new Set( await r.tableList().run( rc ) )
+    if ( tables.has( TABLE ) ) await r.tableDrop( TABLE ).run( rc )
+} )
+
+after( async () => {
+    const tables = new Set( await r.tableList().run( rc ) )
+    if ( tables.has( TABLE ) ) await r.tableDrop( TABLE ).run( rc )
+    await rc.close()
+} )
+
+// ────────────────────────────────────────────────────────────────────────────
+// get()
+// ────────────────────────────────────────────────────────────────────────────
+
+describe( 'get()', () => {
+    let store
+
+    before( async () => {
+        store = await makeStore()
+        await store.clear()
+    } )
+
+    it( 'returns null for non-existent sid — promise style', async () => {
+        const result = await store.get( 'no-such-sid' )
+        assert.equal( result, null )
+    } )
+
+    it( 'returns null for non-existent sid — callback style', ( _, done ) => {
+        store.get( 'no-such-sid', ( err, result ) => {
+            assert.ifError( err )
+            assert.equal( result, null )
+            done()
+        } )
+    } )
+
+    it( 'returns parsed session data for valid session — promise style', async () => {
+        const sid = 'valid-sid'
+        const data = { user: 'alice', cookie: {} }
+        await store.set( sid, data )
+
+        const result = await store.get( sid )
+        assert.equal( result.user, 'alice' )
+    } )
+
+    it( 'returns parsed session data for valid session — callback style', ( _, done ) => {
+        const sid = 'valid-sid-cb'
+        store.set( sid, { user: 'bob', cookie: {} } ).then( () => {
+            store.get( sid, ( err, result ) => {
+                assert.ifError( err )
+                assert.equal( result.user, 'bob' )
+                done()
+            } )
+        } )
+    } )
+
+    it( 'returns null for expired session', async () => {
+        const sid = 'expired-sid'
+        await insertRaw({
+            id: sid,
+            session: JSON.stringify({ user: 'ghost' }),
+            expires: new Date( Date.now() - 1000 ),
+        })
+
+        const result = await store.get( sid )
+        assert.equal( result, null )
+    } )
+
+    it( 'lazily deletes the expired row after get()', async () => {
+        const sid = 'lazy-delete-sid'
+        await insertRaw({
+            id: sid,
+            session: JSON.stringify({ user: 'phantom' }),
+            expires: new Date( Date.now() - 1000 ),
+        })
+
+        await store.get( sid )
+
+        // Give the background delete a moment to complete
+        await new Promise( resolve => setTimeout( resolve, 100 ) )
+
+        const row = await getRaw( sid )
+        assert.equal( row, null )
+    } )
+} )
+
+// ────────────────────────────────────────────────────────────────────────────
+// set()
+// ────────────────────────────────────────────────────────────────────────────
+
+describe( 'set()', () => {
+    let store
+
+    before( async () => {
+        store = await makeStore()
+        await store.clear()
+    } )
+
+    it( 'creates a new session — promise style', async () => {
+        await store.set( 'new-sid', { user: 'carol', cookie: {} } )
+        const row = await getRaw( 'new-sid' )
+        assert.ok( row )
+        assert.equal( JSON.parse( row.session ).user, 'carol' )
+    } )
+
+    it( 'upserts (overwrites) an existing session', async () => {
+        const sid = 'upsert-sid'
+        await store.set( sid, { user: 'dave', cookie: {} } )
+        await store.set( sid, { user: 'dave-updated', cookie: {} } )
+
+        const row = await getRaw( sid )
+        assert.equal( JSON.parse( row.session ).user, 'dave-updated' )
+    } )
+
+    it( 'uses cookie.expires when present', async () => {
+        const expires = new Date( Date.now() + 60_000 )
+        await store.set( 'cookie-exp-sid', { cookie: { expires } } )
+
+        const row = await getRaw( 'cookie-exp-sid' )
+        assert.equal( row.expires.getTime(), expires.getTime() )
+    } )
+
+    it( 'falls back to ttl when no cookie.expires', async () => {
+        const before = Date.now()
+        await store.set( 'ttl-sid', { cookie: {} } )
+        const after = Date.now()
+
+        const row = await getRaw( 'ttl-sid' )
+        const exp = row.expires.getTime()
+        assert.ok( exp >= before + store.ttl - 100 )
+        assert.ok( exp <= after + store.ttl + 100 )
+    } )
+
+    it( 'creates a new session — callback style', ( _, done ) => {
+        store.set( 'cb-set-sid', { user: 'erin', cookie: {} }, async ( err ) => {
+            assert.ifError( err )
+            const row = await getRaw( 'cb-set-sid' )
+            assert.ok( row )
+            done()
+        } )
+    } )
+} )
+
+// ────────────────────────────────────────────────────────────────────────────
+// destroy()
+// ────────────────────────────────────────────────────────────────────────────
+
+describe( 'destroy()', () => {
+    let store
+
+    before( async () => {
+        store = await makeStore()
+        await store.clear()
+    } )
+
+    it( 'removes an existing session — promise style', async () => {
+        await store.set( 'destroy-sid', { cookie: {} } )
+        await store.destroy( 'destroy-sid' )
+        const row = await getRaw( 'destroy-sid' )
+        assert.equal( row, null )
+    } )
+
+    it( 'no error on non-existent sid', async () => {
+        await assert.doesNotReject( () => store.destroy( 'ghost-sid' ) )
+    } )
+
+    it( 'removes an existing session — callback style', ( _, done ) => {
+        store.set( 'destroy-cb-sid', { cookie: {} }, async () => {
+            store.destroy( 'destroy-cb-sid', async ( err ) => {
+                assert.ifError( err )
+                const row = await getRaw( 'destroy-cb-sid' )
+                assert.equal( row, null )
+                done()
+            } )
+        } )
+    } )
+} )
+
+// ────────────────────────────────────────────────────────────────────────────
+// touch()
+// ────────────────────────────────────────────────────────────────────────────
+
+describe( 'touch()', () => {
+    let store
+
+    before( async () => {
+        store = await makeStore()
+        await store.clear()
+    } )
+
+    it( 'updates expires on an existing session', async () => {
+        const sid = 'touch-sid'
+        await store.set( sid, { cookie: {} } )
+        const before = await getRaw( sid )
+
+        // Small delay so the new expiry is meaningfully later
+        await new Promise( resolve => setTimeout( resolve, 10 ) )
+
+        const newExpires = new Date( Date.now() + store.ttl )
+        await store.touch( sid, { cookie: { expires: newExpires } } )
+
+        const after = await getRaw( sid )
+        assert.ok( after.expires.getTime() > before.expires.getTime() )
+    } )
+
+    it( 'no error on non-existent sid', async () => {
+        await assert.doesNotReject( () => store.touch( 'ghost-sid', { cookie: {} } ) )
+    } )
+} )
+
+// ────────────────────────────────────────────────────────────────────────────
+// all()
+// ────────────────────────────────────────────────────────────────────────────
+
+describe( 'all()', () => {
+    let store
+
+    before( async () => {
+        store = await makeStore()
+        await store.clear()
+    } )
+
+    it( 'returns all sessions', async () => {
+        await store.set( 'all-sid-1', { cookie: {} } )
+        await store.set( 'all-sid-2', { cookie: {} } )
+
+        const result = await store.all()
+        const ids = result.map( row => row.id )
+        assert.ok( ids.includes( 'all-sid-1' ) )
+        assert.ok( ids.includes( 'all-sid-2' ) )
+    } )
+} )
+
+// ────────────────────────────────────────────────────────────────────────────
+// clear() + length()
+// ────────────────────────────────────────────────────────────────────────────
+
+describe( 'clear() and length()', () => {
+    let store
+
+    before( async () => {
+        store = await makeStore()
+        await store.clear()
+    } )
+
+    it( 'length() returns correct count', async () => {
+        await store.set( 'len-sid-1', { cookie: {} } )
+        await store.set( 'len-sid-2', { cookie: {} } )
+
+        const count = await store.length()
+        assert.equal( count, 2 )
+    } )
+
+    it( 'clear() removes all sessions and length() returns 0', async () => {
+        await store.clear()
+        const count = await store.length()
+        assert.equal( count, 0 )
+    } )
+} )
+
+// ────────────────────────────────────────────────────────────────────────────
+// vacuum()
+// ────────────────────────────────────────────────────────────────────────────
+
+describe( 'vacuum()', () => {
+    let store
+
+    before( async () => {
+        store = await makeStore()
+        await store.clear()
+    } )
+
+    it( 'deletes expired sessions and leaves valid ones', async () => {
+        const validSid = 'vacuum-valid'
+        const expiredSid = 'vacuum-expired'
+
+        await store.set( validSid, { cookie: {} } )
+        await insertRaw({
+            id: expiredSid,
+            session: JSON.stringify({ user: 'stale' }),
+            expires: new Date( Date.now() - 1000 ),
+        })
+
+        await store.vacuum()
+
+        const validRow = await getRaw( validSid )
+        const expiredRow = await getRaw( expiredSid )
+
+        assert.ok( validRow, 'valid session should still exist' )
+        assert.equal( expiredRow, null )
+    } )
+} )
+
+// ────────────────────────────────────────────────────────────────────────────
+// Probabilistic GC
+// ────────────────────────────────────────────────────────────────────────────
+
+describe( 'probabilistic GC', () => {
+    it( 'gcProbability: 1 — expired sessions removed after set()', async () => {
+        const store = await makeStore({ gcProbability: 1 })
+        await store.clear()
+
+        const expiredSid = 'gc-expired'
+        await insertRaw({
+            id: expiredSid,
+            session: JSON.stringify({ user: 'stale' }),
+            expires: new Date( Date.now() - 1000 ),
+        })
+
+        // Trigger set() which will fire GC
+        await store.set( 'gc-trigger-sid', { cookie: {} } )
+
+        // Give background GC time to complete
+        await new Promise( resolve => setTimeout( resolve, 200 ) )
+
+        const row = await getRaw( expiredSid )
+        assert.equal( row, null )
+    } )
+
+    it( 'gcProbability: 0 — expired sessions remain after set()', async () => {
+        const store = await makeStore({ gcProbability: 0 })
+        await store.clear()
+
+        const expiredSid = 'gc-disabled-expired'
+        await insertRaw({
+            id: expiredSid,
+            session: JSON.stringify({ user: 'stale' }),
+            expires: new Date( Date.now() - 1000 ),
+        })
+
+        await store.set( 'gc-disabled-trigger', { cookie: {} } )
+
+        // Brief wait — GC should NOT have run
+        await new Promise( resolve => setTimeout( resolve, 100 ) )
+
+        const row = await getRaw( expiredSid )
+        assert.ok( row, 'expired row should still exist when GC is disabled' )
+    } )
+} )
+
+// ────────────────────────────────────────────────────────────────────────────
+// connGetter — connection replacement between calls
+// ────────────────────────────────────────────────────────────────────────────
+
+describe( 'connGetter', () => {
+    it( 'replacing the connection reference between calls still works', async () => {
+        let currentConn = rc
+
+        const store = new RethinkdbSessionStore({
+            client: r,
+            connGetter: () => currentConn,
+            table: TABLE,
+            gcProbability: 0,
+        })
+        await store.ready
+
+        await store.set( 'conn-getter-sid', { user: 'frank', cookie: {} } )
+
+        // Simulate reconnect: swap in a fresh connection
+        const newConn = await r.connect({ host: HOST, port: PORT })
+        currentConn = newConn
+
+        // Should still work through the new connection
+        const result = await store.get( 'conn-getter-sid' )
+        assert.equal( result.user, 'frank' )
+
+        await newConn.close()
+    } )
+} )