Lifetime session cookie is not "reset" on session request or updating/replacing session

[claytonchew]

According to H3’s useSession() behavior, the session cookie’s expiry should reset based on maxAge whenever the session is updated (as discussed in unjs/h3#552). However, with nuxt-auth-utils, this doesn’t seem to happen.

I attempted to use setUserSession both in middleware and in server routes to extend the session’s lifetime. However, upon inspecting the API response headers, I observed that the set-cookie expiry date remains unchanged, retaining the same value as the previous session.

This behavior is unexpected, as updating the session should reset the expiry as per the maxAge configuration.

Additionally, I tried updating the session by setting a random value on each call via the session hook. While the session content itself updates as expected, the cookie expiry still does not refresh and remains the same as before.

Just to be clear, the session does reset its expiry only if the session is set on a subsequent request after it's being cleared (either by client or the server). It just does not do so if you clear and set within the same requests.

Potentially similar issues – #256

Steps to Reproduce

1. Use setUserSession or replaceUserSession (or combination of clearUserSession and setUserSession – this behavior should be the same as replaceUserSession) in middleware or server routes to update the session.
2. Inspect the response headers set-cookie to check the session cookie’s expiry.
3. Optionally, update the session with a random value via session hook's "fetch" and repeat step 2.

Expected Behavior

The session cookie’s expiry should reset based on the configured maxAge value when the session is updated.

Actual Behavior

The session content updates as expected, but the cookie expiry remains unchanged from the original value.