fix: correctly handle expired JWE's in cookies

[frederikprijck]

📋 Changes

We ensured JWE's expire in #2040 , this has the side-effect that when an expired token hits the API, it would throw a 500 because it can not encrypt the JWE due to the expiration.

Instead of this, it should act as if there is no active session.

📎 References

#2081

🎯 Testing

1. Obtain an expired JWT
2. Hit the Next.js server wired up with the Auth0 middleware
3. Boom, HTTP 500

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 96.07843% with 2 lines in your changes missing coverage. Please review.

Project coverage is 84.54%. Comparing base (a063a8d) to head (48aaa04).

Files with missing lines	Patch %	Lines
src/server/session/stateful-session-store.ts	93.75%	1 Missing ⚠️
src/server/session/stateless-session-store.ts	93.75%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2082      +/-   ##
==========================================
+ Coverage   84.23%   84.54%   +0.31%     
==========================================
  Files          22       22              
  Lines        2208     2233      +25     
  Branches      397      406       +9     
==========================================
+ Hits         1860     1888      +28     
+ Misses        342      339       -3     
  Partials        6        6              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[tusharpandey13]

lgtm

[tusharpandey13]

lgtm

[mcgaryes]

Any idea when this might make it into a release?

Thanks in advance!

[brunoscopelliti]

Hi @frederikprijck
Thank you for this!
Do you have any idea when we can reasonably expect the next release of the package?