
Kaanoz1

#37902 of 53,632
7.4 Total CVSS
Vulnerabilities · 1
PT-2024-26385
7.4
2024-05-21
Unknown · @Fastify/Session · CVE-2024-35220
**Name of the Vulnerable Software and Affected Versions**
@fastify/session versions prior to 10.8.0
@fastify/session versions prior to 10.9.0

**Description**
When a session cookie is restored from the session store, the `expires` field is overridden if the `maxAge` field was set. The restored cookie is therefore never detected as expired, so expired sessions are not destroyed and a session that should have lapsed keeps being accepted.

**Recommendations**
For versions prior to 10.8.0, update to version 10.8.0 or later. For versions prior to 10.9.0, update to version 10.9.0 or later. As a temporary workaround until the upgrade, enforce session expiration yourself (for example, by keeping an absolute deadline in the session data and destroying sessions that are past it) instead of relying on the restored cookie's `expires` value.
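The following is an added, stand-alone JavaScript model of the failure mode described above and of the recommended workaround. It is not code from @fastify/session or from this advisory: the function names (`restoreCookieVulnerable`, `restoreCookieFixed`, `isExpired`, `sessionTooOld`), the cookie shape (`{ expires, maxAge }`) and the sample stored session are all assumptions made for illustration. It shows why recomputing `expires` from `maxAge` on every restore keeps a stale session alive, what the restore should do instead, and how a deadline stored in the session data lets an unpatched deployment expire sessions independently of the cookie.

```javascript
// Added model of CVE-2024-35220 (expires overridden by maxAge on restore).
// Not @fastify/session code; names and data shapes are assumptions.

const HOUR = 60 * 60 * 1000;
// Constructed sample: a fixed "now" and a stored session cookie that expired an
// hour ago but was issued with a 24h maxAge. Stores serialise `expires` as a
// string (JSON round trip), so the restore step has to parse it back.
const NOW = Date.parse('2024-05-21T12:00:00Z');
const STORED_COOKIE = {
  expires: new Date(NOW - HOUR).toISOString(),
  maxAge: 24 * HOUR,
};

// Vulnerable pattern: whenever maxAge is present, `expires` is recomputed from
// the current time, discarding the persisted expiry on every restore.
function restoreCookieVulnerable(stored, now = Date.now()) {
  const cookie = { ...stored, expires: stored.expires ? new Date(stored.expires) : null };
  if (cookie.maxAge != null) {
    cookie.expires = new Date(now + cookie.maxAge); // overrides the stored expiry
  }
  return cookie;
}

// Fixed pattern: the persisted `expires` wins; maxAge only derives an expiry
// when the store had none.
function restoreCookieFixed(stored, now = Date.now()) {
  const cookie = { ...stored, expires: stored.expires ? new Date(stored.expires) : null };
  if (cookie.expires === null && cookie.maxAge != null) {
    cookie.expires = new Date(now + cookie.maxAge);
  }
  return cookie;
}

// Expiry check as a session plugin would run it after restoring the cookie.
function isExpired(cookie, now = Date.now()) {
  return cookie.expires !== null && cookie.expires.getTime() <= now;
}

// Workaround for unpatched versions: keep an absolute deadline (`expiresAt`,
// assumed field name) in the session data itself and enforce it without
// touching the cookie object. A missing deadline is treated as expired.
function sessionTooOld(sessionData, now = Date.now()) {
  return typeof sessionData.expiresAt !== 'number' || sessionData.expiresAt <= now;
}

// Restores the same stored cookie both ways and reports whether each restore
// recognises the session as expired.
function demo() {
  const vuln = restoreCookieVulnerable(STORED_COOKIE, NOW);
  const fixed = restoreCookieFixed(STORED_COOKIE, NOW);
  return {
    vulnerableExpired: isExpired(vuln, NOW), // false: the stale session survives
    fixedExpired: isExpired(fixed, NOW),     // true: the stored expiry is honoured
  };
}

module.exports = { restoreCookieVulnerable, restoreCookieFixed, isExpired, sessionTooOld, demo, NOW, HOUR };
```

In a Fastify application the `sessionTooOld` check would run in a request hook before any handler trusts the session, writing `expiresAt` when the session is created and destroying the session when the check fails; that keeps expiry enforcement out of the code path the bug affects.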