Fix resaving already-saved new session at end of request

closes #849

Author: jneander

HISTORY.md

@@ -1,6 +1,7 @@
 unreleased
 ==========
 
+  * Fix resaving already-saved new session at end of request
   * deps: [email protected]
 
 1.17.2 / 2021-05-19

index.js

@@ -444,7 +444,7 @@ function session(options) {
         return false;
       }
 
-      return !saveUninitializedSession && cookieId !== req.sessionID
+      return !saveUninitializedSession && !savedHash && cookieId !== req.sessionID
         ? isModified(req.session)
         : !isSaved(req.session)
     }

test/session.js

@@ -1775,6 +1775,31 @@ describe('session()', function(){
           .expect(200, 'saved', done)
         })
       })
+
+      describe('when saveUninitialized is false', function () {
+        it('should prevent end-of-request save', function (done) {
+          var store = new session.MemoryStore()
+          var server = createServer({ saveUninitialized: false, store: store }, function (req, res) {
+            req.session.hit = true
+            req.session.save(function (err) {
+              if (err) return res.end(err.message)
+              res.end('saved')
+            })
+          })
+
+          request(server)
+            .get('/')
+            .expect(shouldSetSessionInStore(store))
+            .expect(200, 'saved', function (err, res) {
+              if (err) return done(err)
+              request(server)
+                .get('/')
+                .set('Cookie', cookie(res))
+                .expect(shouldSetSessionInStore(store))
+                .expect(200, 'saved', done)
+            })
+        })
+      })
     })
 
     describe('.touch()', function () {