Getting 500 error after logout

[ukasyah-dev]

I'm using next (10.2.3) and next-iron-session (4.1.13).

After logout (destroying session), the cookie would be like this:

um-session=; Max-Age=0; Path=/; HttpOnly; SameSite=Lax; Domain=localhost

When I tried login, I got Internal Server Error. But, it's back to normal after manually clearing browser cookies (on client). The error is similar to #183.

[vvo]

Hey there, can you create a reproducible example of this bug? Thanks

[BahmanBinary]

hi
i have this problem too

this is my logout codes:

import { withSession } from "../../../helpers/with-session";
import axios from "axios";

const BASE_SERVER_URL = process.env.BASE_URL;

export default withSession(async function (req, res) {
  try {
    const menchicoSessionCookie =
      req.session.get("user")?.menchicoSessionCookie;

    if (menchicoSessionCookie)
      try {
        await axios(BASE_SERVER_URL + "/users/logout", {
          method: "post",
          headers: {
            Cookie: menchicoSessionCookie,
          },
        });
      } catch (error) {
        console.log(error);
      }

    req.session.destroy();
    res.json({ isLoggedIn: false });
  } catch (error) {
    console.log(error);
  }
});

and this is withSession helper function:

import { withIronSession } from "next-iron-session";

export function withSession(handler) {
  return withIronSession(handler, {
    cookieName: "menchico",
    password: process.env.IRON_SESSION_COOKIE_PASSWORD,
    cookieOptions: {
      secure: process.env.NODE_ENV == "production",
      httpOnly: process.env.NODE_ENV == "production",
    },
  });
}

first time is ok and i get this cookie: menchico=; Max-Age=0; Path=/; SameSite=Lax; Domain=localhost
after that all request cause 500 error:

Error: Incorrect number of sealed components
    at Object.exports.unseal (/home/bahman/Projects/noa-dash/node_modules/@hapi/iron/lib/index.js:255:15)
    at ironStore (/home/bahman/Projects/noa-dash/node_modules/iron-store/dist/index.js:23:60)
    at getOrCreateStore (/home/bahman/Projects/noa-dash/node_modules/next-iron-session/dist/index.js:148:41)
    at applySession (/home/bahman/Projects/noa-dash/node_modules/next-iron-session/dist/index.js:65:23)
    at withIronSessionHandler (/home/bahman/Projects/noa-dash/node_modules/next-iron-session/dist/index.js:114:11)
    at apiResolver (/home/bahman/Projects/noa-dash/node_modules/next/dist/next-server/server/api-utils.js:8:7)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async DevServer.handleApiRequest (/home/bahman/Projects/noa-dash/node_modules/next/dist/next-server/server/next-server.js:66:462)
    at async Object.fn (/home/bahman/Projects/noa-dash/node_modules/next/dist/next-server/server/next-server.js:58:580)
    at async Router.execute (/home/bahman/Projects/noa-dash/node_modules/next/dist/next-server/server/router.js:25:67) {
  data: null,
  isBoom: true,
  isServer: true,
  output: {
    statusCode: 500,
    payload: {
      statusCode: 500,
      error: 'Internal Server Error',
      message: 'An internal server error occurred'
    },
    headers: {}
  }
}

packages:

"react": "^17.0.2",
"react-dom": "^17.0.2",
"next": "^11.0.0",
"next-iron-session": "^4.2.0",

[BahmanBinary]

I'm using next (10.2.3) and next-iron-session (4.1.13).

After logout (destroying session), the cookie would be like this:

um-session=; Max-Age=0; Path=/; HttpOnly; SameSite=Lax; Domain=localhost

When I tried login, I got Internal Server Error. But, it's back to normal after manually clearing browser cookies (on client). The error is similar to #183.

@ukasyah99 your problem solved?

[vvo]

Please if you have this issue, create a GitHub repository where we can npm install npm start and steps to take to get the 500 error.

The repository must be based on the Next.js example of this repo.

[BahmanBinary]

Please if you have this issue, create a GitHub repository where we can npm install npm start and steps to take to get the 500 error.

The repository must be based on the Next.js example of this repo.

https://github.com/BahmanBinary/iron-session-issue
you can check it ;)
My node version: v16.2.0

[BahmanBinary]

@vvo
first send request to /api/v1/login
then /api/v1/logout
after that, request to each one of them produce this problem

[BahmanBinary]

whats up @vvo ?
were you able to fix it? 🤔
i'm waiting for you 😉

[vvo]

Hey @BahmanBinary I tried to reproduce it. But it works all the time for me.

I cloned the repository, npm install npm run dev and tested routes multiple times but always got 200 OK.

If you can manage to reproduce it again let me know. There must be something different in your setup than mine I guess. Could be a browser configuration or extension

[darrenkeen]

@vvo Try changing the cookie value to something random then trying to login/logout - thats when I get the error.

Basically when doing queries in Insomnia the cookie value is erased but the cookie still exists. GraphiQL deletes it so works fine. I imagine some browsers are deleting and some aren't.

Can you try this and get back to us?