Before this commit, when using signed: true inside the cookie settings for fastify-secure-session, the cookie was passed without unsigning the cookie, so it would always be invalid. After this commit, signed sessions should work fine.
I added a test file to show it works and that tampering the cookie will invalidate a signed cookie. The test will fail in the old version.
Before this commit, when using
signed: trueinside the cookie settings forfastify-secure-session, the cookie was passed without unsigning the cookie, so it would always be invalid. After this commit, signed sessions should work fine.I added a test file to show it works and that tampering the cookie will invalidate a signed cookie. The test will fail in the old version.
Checklist
npm run testandnpm run benchmark