ensure session.set_expiry adds or removes the Max-Age attribute to …

[Katze864]

…or from the cookie

This addresses a bug where using set_expiry on a session with no initial expiry time would not add the Max-age attribute to the cookie leading to an inconsitency between the cookie and the database. Fix: #178

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.88%. Comparing base (d7b7e13) to head (b61bc7d).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #191      +/-   ##
==========================================
+ Coverage   85.75%   85.88%   +0.12%     
==========================================
  Files           5        5              
  Lines         337      340       +3     
==========================================
+ Hits          289      292       +3     
  Misses         48       48              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[maxcountryman]

Thanks for this.

Re the expiry logic more generally: I think ultimately we should pass Expiry, via the Record to the stores and allow them to decide how to persist expiration (for example, "Session" max age could follow some store-specific protocol for expiry, rather than using the two-week default constant the session logic currently imposes).

There's also a type within cookie that we should probably use instead or wrap in some way.

Anyway these are breaking changes but it's worth ensuring better coherence here prior to a 1.0 release.