From d78ac5c07c33634c662004150b58f9450fbc714c Mon Sep 17 00:00:00 2001
From: Cameron Matheson <cameron@workos.com>
Date: Thu, 28 Mar 2024 09:31:53 -0600
Subject: [PATCH] always control the x-workos-session header

---
 src/session.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/session.ts b/src/session.ts
index 7f7b6a5..8fd60ef 100644
--- a/src/session.ts
+++ b/src/session.ts
@@ -30,6 +30,8 @@ async function updateSession(request: NextRequest, debug: boolean) {
   // Record that the request was routed through the middleware so we can check later for DX purposes
   newRequestHeaders.set(middlewareHeaderName, 'true');
 
+  newRequestHeaders.delete(sessionHeaderName);
+
   // If no session, just continue
   if (!session) {
     return NextResponse.next({
@@ -77,7 +79,9 @@ async function updateSession(request: NextRequest, debug: boolean) {
     return response;
   } catch (e) {
     console.warn('Failed to refresh', e);
-    const response = NextResponse.next();
+    const response = NextResponse.next({
+      request: { headers: newRequestHeaders },
+    });
     response.cookies.delete(cookieName);
     return response;
   }