fix: bad interaction between session state changes and renewal

actix-session/CHANGES.md

@@ -1,7 +1,9 @@
 # Changes
 
 ## Unreleased - 2021-xx-xx
+- Fix bad interaction between session state changes and renewal. [#265]
 
+[#265]: https://github.com/actix/actix-extras/pull/265
 
 ## 0.7.0 - 2022-07-09
 - Added `TtlExtensionPolicy` enum to support different strategies for extending the TTL attached to the session state. `TtlExtensionPolicy::OnEveryRequest` now allows for long-lived sessions that do not expire if the user remains active. [#233]

actix-session/src/session.rs

@@ -128,7 +128,9 @@ impl Session {
         let mut inner = self.0.borrow_mut();
 
         if inner.status != SessionStatus::Purged {
-            inner.status = SessionStatus::Changed;
+            if inner.status != SessionStatus::Renewed {
+                inner.status = SessionStatus::Changed;
+            }
 
             let key = key.into();
             let val = serde_json::to_string(&value)
@@ -155,7 +157,9 @@ impl Session {
         let mut inner = self.0.borrow_mut();
 
         if inner.status != SessionStatus::Purged {
-            inner.status = SessionStatus::Changed;
+            if inner.status != SessionStatus::Renewed {
+                inner.status = SessionStatus::Changed;
+            }
             return inner.state.remove(key);
         }
 
@@ -187,7 +191,9 @@ impl Session {
         let mut inner = self.0.borrow_mut();
 
         if inner.status != SessionStatus::Purged {
-            inner.status = SessionStatus::Changed;
+            if inner.status != SessionStatus::Renewed {
+                inner.status = SessionStatus::Changed;
+            }
             inner.state.clear()
         }
     }

actix-session/tests/session.rs

@@ -68,3 +68,43 @@ async fn session_entries() {
     map.contains_key("test_str");
     map.contains_key("test_num");
 }
+#[actix_web::test]
+async fn insert_session_after_renew() {
+    let session = test::TestRequest::default().to_srv_request().get_session();
+
+    session.insert("test_val", "val").unwrap();
+    assert_eq!(session.status(), SessionStatus::Changed);
+
+    session.renew();
+    assert_eq!(session.status(), SessionStatus::Renewed);
+
+    session.insert("test_val1", "val1").unwrap();
+    assert_eq!(session.status(), SessionStatus::Renewed);
+}
+#[actix_web::test]
+async fn remove_session_after_renew() {
+    let session = test::TestRequest::default().to_srv_request().get_session();
+
+    session.insert("test_val", "val").unwrap();
+    session.remove("test_val").unwrap();
+    assert_eq!(session.status(), SessionStatus::Changed);
+
+    session.renew();
+    session.insert("test_val", "val").unwrap();
+    session.remove("test_val").unwrap();
+    assert_eq!(session.status(), SessionStatus::Renewed);
+}
+
+#[actix_web::test]
+async fn clear_session_after_renew() {
+    let session = test::TestRequest::default().to_srv_request().get_session();
+
+    session.clear();
+    assert_eq!(session.status(), SessionStatus::Changed);
+
+    session.renew();
+    assert_eq!(session.status(), SessionStatus::Renewed);
+
+    session.clear();
+    assert_eq!(session.status(), SessionStatus::Renewed);
+}