v5.3.0 breaks with `Cannot read properties of undefined (reading 'sign')"` about fastify-secure-session HOT 4 CLOSED

@simoneb I still have this problem, but I realise that I haven't provided you with a minimal reproduction, so I'm opening a new issue with a minimal reproduction to show that the problem does exist.

from fastify-secure-session.

Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.

from fastify-secure-session.

@Tirke I've tried with the following snippet and couldn't reproduce the issue you mentioned. Could you maybe show me where I got it wrong?

Environment

Windows host - NodeJS v16.10.0

Snippet

const Fastify = require('fastify')
const secureSession = require('@fastify/secure-session')

const run = async () => {
  const app = Fastify()

  await app.register(secureSession, {
    secret: 'averylogphrasebiggerthanthirtytwochars',
    salt: 'mq9hDxBVDbspDR6n',
  })

  app.post('/', (request, reply) => {
    request.session.set('data', request.body)
    reply.send('session set')
  })

  app.get('/', (request, reply) => {
    const data = request.session.get('data')
    if (!data) {
      reply.code(404).send()
      return
    }
    reply.send(data)
  })

  app.get('/all', (request, reply) => {
    // get all data from session
    const data = request.session.data()
    if (!data) {
      reply.code(404).send()
      return
    }
    reply.send(data)
  })

  app.listen({ port: 3000 })
}

run()

package.json

{
  "dependencies": {
    "@fastify/secure-session": "5.3.0",
    "fastify": "4.9.2"
  }
}

For the sake of completeness I've also run the same snippet using the current versions (NodeJS v18.14.0, fastify v4.12.0, @fastify/secure-session v6.0.0) and got the same result.

There's the remote possibility of it being an OS-related issue but, for the reason I expain below, I find it unlikely at this point.

Also, by taking a look at the code of the plugins I couldn't find any piece of code setting the signed flag in the options object. With that flag not being set the code shouldn't reach the line where signer is undefined. With the default cookie settings (i.e. not passing cookie in the plugin's options) an empty object is passed to setCookie. The signed option should always be undefined in that scenario.

Maybe I'm missing something but I'm not being able to either identify the issue or reproduce it in order to work on a fix.

from fastify-secure-session.

I can confirm this is also working for me, with an independent repro. @Tirke thanks for the analysis nonetheless, feel free to reopen this issue if for any reason you still cannot workaround the problem you reported.

from fastify-secure-session.