Open BryanBerger98 opened 1 month ago
It's because you're passing user
to createSession()
. I'm not sure why you're passing it, but user.id
is overriding the session ID
Oh my god I'm so stupid!
I thought I needed to add user attributes to the session object but it is useless actually. And I didn't know that the attributes, including an id
key, will be overriding the session ID.
Thank you for your help!
I am thinking about this: Maybe we could modify the code of the Drizzle adapter to avoid the possibility of this overriding. I think that when we set a custom session ID, this custom ID should be used even if an id
key exists inside the attributes. Otherwise, we can be confused as I was.
The following code can be a solution.
public async setSession(session: DatabaseSession): Promise<void> {
await this.db.insert(this.sessionTable).values({
...session.attributes,
id: session.id,
userId: session.userId,
expiresAt: session.expiresAt
});
}
If you want to keep the possibility to set an id
by the attributes argument, we can do it by modifying the createSession
method inside the core.ts
file of the lucia
package, this way:
const sessionId = options?.sessionId ?? attributes.id ?? generateIdFromEntropySize(25);
This way, if a custom ID exists, it has priority over the id
inside attributes
.
Another option could be removing the options
argument and use the attributes
argument to set a custom ID.
What do you think about this idea ?
Yeah I didn't close the issue :D
Do you want me to contribute by proposing the solution I described above in a pull request ?
Package
@lucia-auth/session-drizzle
Describe the bug
Hi!
When I create a new session with
lucia.createSession
for a user who already has an existing session, a duplication key error is thrown by the database:For information, the
userId
used here is the integer1
. It seems that theuserId
is always used by default to set thesessionId
. ThesessionId
is not auto incremented.To fix this, I wanted to set a custom
sessionId
this way:But it does not work. It seems that
lucia.createSession
does not care about my customsessionId
. It still insert a1
as thesessionId
.If I try to do it with an other user, the same thing happen. For example, I try with a user with an id
2
. So thesessionId
was using theuserId
and the session was inserted with the id2
. If I try to create another session for the same user, the same error will be thrown.So finaly I tried to do it manually, by skipping the usage of
lucia.createSession
and directly using the DB client:And it works ! So this way I am sure that the problem does not come from my table schema or any database configuration.
Maybe I could help finding the origin of the problem and fix it ?
Thank you in advance for your help !