Checklist

• The issue can be reproduced in the nextjs-auth0 sample app (or N/A).
• I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

I've been investigating whether existing sessions will be maintained when upgrading to v4 and was pleased to see the team has planned for the scenario. I've found an edge case though which breaks.

Sometimes our v3 integration will generate chunked session cookies. These have the format of appSession.{index} (e.g. appSession.0 and appSession.1). If the session is using chunked cookies then it gets lost after upgrading to v4. If the cookie isn't chunked and is simply named appSession then it migrates correctly.

I dug into the source code and believe I found the issue. In the stateless session store the legacy cookie is fetched via the getChunkedCookie method:

This method checks for cookies in the format __{cookieName}__{index}. Therefore __appSession__0 etc. doesn't yield any matching cookies. The issue here being that the format has changed between v3 and v4.

A potential fix that comes to mind is extending the getChunkedCookie method to receive a legacyFormat boolean argument which can be used internally to instead look for {cookieName}.{index}.

Reproduction

See description

Additional context

No response

nextjs-auth0 version

4.4.2

Next.js version

14.2.26

Node.js version

22