fix(database): preserve session tag when called before commit

Julien-R44 · Julien-R44 · commit f5ce7b032d70 · 2025-12-20T20:50:56.000+01:00
Fixes #95
diff --git a/src/stores/database.ts b/src/stores/database.ts
@@ -114,11 +114,7 @@ export class DatabaseStore implements SessionStoreWithTaggingContract {
     await this.#client
       .insertQuery()
       .table(this.#tableName)
-      .insert({
-        id: sessionId,
-        data: message,
-        expires_at: expiresAt,
-      })
+      .insert({ id: sessionId, data: message, expires_at: expiresAt })
       .knexQuery.onConflict('id')
       .merge(['data', 'expires_at'])
 
@@ -149,12 +145,21 @@ export class DatabaseStore implements SessionStoreWithTaggingContract {
   }
 
   /**
-   * Tag a session with a user ID
+   * Tag a session with a user ID.
+   * Uses UPSERT to handle both existing and new sessions.
    */
   async tag(sessionId: string, userId: string): Promise<void> {
     debug('database store: tagging session %s with user %s', sessionId, userId)
 
-    await this.#client.from(this.#tableName).where('id', sessionId).update({ user_id: userId })
+    const data = new MessageBuilder().build({}, undefined, sessionId)
+    const expiresAt = new Date(Date.now() + this.#ttlSeconds * 1000)
+
+    await this.#client
+      .insertQuery()
+      .table(this.#tableName)
+      .insert({ id: sessionId, user_id: userId, data, expires_at: expiresAt })
+      .knexQuery.onConflict('id')
+      .merge(['user_id'])
   }
 
   /**
diff --git a/tests/stores/database_store.spec.ts b/tests/stores/database_store.spec.ts
@@ -283,4 +283,35 @@ test.group('Database store', (group) => {
     const sessions = await store.tagged('user-1')
     assert.deepEqual(sessions, [])
   }).disableTimeout()
+
+  /**
+   * Simulate what happens during login lifecycle:
+   * - Session is new (doesnt exist in DB yet)
+   * - User calls session.tag => create session in database
+   * - Then commit() calls write() => update data and preserves the rest
+   */
+  test('tag before write creates session and preserves tag', async ({ assert }) => {
+    const store = new DatabaseStore(db.connection(), '2 hours')
+
+    await store.tag('new-session', 'user-123')
+    await store.write('new-session', { message: 'hello' })
+
+    const row = await db.from('sessions').where('id', 'new-session').first()
+    assert.equal(row.user_id, 'user-123')
+
+    const data = await store.read('new-session')
+    assert.deepEqual(data, { message: 'hello' })
+  })
+
+  test('tag is preserved after write updates session data', async ({ assert }) => {
+    const store = new DatabaseStore(db.connection(), '2 hours')
+
+    await store.write('session-1', { message: 'hello' })
+    await store.tag('session-1', 'user-123')
+
+    await store.write('session-1', { message: 'updated' })
+
+    const row = await db.from('sessions').where('id', 'session-1').first()
+    assert.equal(row.user_id, 'user-123')
+  })
 })
