diff --git a/src/runtime/server/middleware/session/index.ts b/src/runtime/server/middleware/session/index.ts
index 6ee76e1..fb52243 100644
--- a/src/runtime/server/middleware/session/index.ts
+++ b/src/runtime/server/middleware/session/index.ts
@@ -121,6 +121,20 @@ const getSession = async (event: H3Event): Promise => {
 return session
 }
+const getImmutableSession = (session: Session) => {
+ const immutableSession = { ...session }
+ const properties = ['id', 'createdAt', 'ip']
+
+ properties.forEach((property) => {
+ Object.defineProperty(immutableSession, property, {
+ writable: false,
+ configurable: false
+ })
+ })
+
+ return immutableSession as Session
+}
+
 const updateSessionExpirationDate = (session: Session, event: H3Event) => {
 const now = new Date()
 safeSetCookie(event, SESSION_COOKIE_NAME, session.id, now)
@@ -142,7 +156,7 @@ const ensureSession = async (event: H3Event) => {
 }
 event.context.sessionId = session.id
- event.context.session = session
+ event.context.session = getImmutableSession(session)
 return session
 }
diff --git a/src/types.ts b/src/types.ts
index af9b8ce..6b68f25 100644
--- a/src/types.ts
+++ b/src/types.ts
@@ -183,9 +183,15 @@ export interface ModulePublicRuntimeConfig {
 }
 export declare interface Session {
- id: string;
- createdAt: Date;
- ip?: string;
+ readonly id: string;
+ readonly createdAt: Date;
+ readonly ip?: string;
 [key: string]: any;
 }
+
+declare module 'h3' {
+ interface H3EventContext {
+ session: Session
+ }
+}
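Review bot: In `getImmutableSession` (session/index.ts), `Object.defineProperty` runs for `ip` even when the session has none; because `ip` is optional, that creates a non-enumerable own property fixed at `undefined` that can never be filled in afterwards. Guarding the loop body with `if (!(property in immutableSession)) return` locks only the fields that exist. The lock is also shallow: `{ ...session }` shares the `createdAt` Date object with the original, so `createdAt.setTime(...)` through the context copy still changes it; if expiry or auditing relies on that value, build the copy as `{ ...session, createdAt: new Date(session.createdAt) }`. A one-line comment stating that only these three bindings are locked, not nested values or custom keys, would keep readers from over-trusting the function name.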
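Review bot: `ensureSession` (session/index.ts) still ends with `return session`, so a caller that uses the return value receives the original, fully writable object while `event.context.session` holds the locked copy. The two are now distinct objects, so custom keys a handler writes to `event.context.session` no longer reach `session`; if the code that persists the session (not visible in this hunk) reads the original, those writes would be lost. Consider `const locked = getImmutableSession(session)`, then `event.context.session = locked` and `return locked`, or add a comment naming which object is written back to storage. The start of `ensureSession` lies outside the hunk.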
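Review bot: The `readonly` modifiers added to `Session` in src/types.ts are compile-time only, and the `[key: string]: any` index signature stays writable, so `session[key] = value` with a `string`-typed key still type-checks even when the key is `'id'` or `'ip'`. A TSDoc line on the interface, for example `/** id, createdAt and ip are also locked at runtime on event.context.session; all other keys are free-form. */`, would make clear where enforcement actually happens. The `H3EventContext` augmentation declares `session` as always present; if any route can run without the session middleware (not visible here), `session?: Session` would be the accurate type and would force handlers to check before reading it.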