
Conversation

@tusharpandey13 tusharpandey13 commented Dec 12, 2025

Problem

When AUTH0_COOKIE_DOMAIN is configured (e.g., .example.com), cookies can accumulate instead of being replaced, eventually causing HTTP 431 errors.

Per RFC 6265, cookies are unique by (name, domain, path). When the SDK deletes cookies, it only emits a Set-Cookie header matching the current domain configuration—leaving orphaned cookies from prior configurations or middleware/route handler mismatches.

Changes

When a domain is configured, cookie deletion now emits two Set-Cookie headers:

  1. Domain-scoped: Set-Cookie: __session=; Domain=.example.com; Max-Age=0
  2. Host-only: Set-Cookie: __session=; Max-Age=0 (no Domain attribute)

This ensures both cookie variants are cleared, preventing accumulation regardless of how the cookie was originally set.

An optional rawHeaders parameter is used for cookie set/delete operations.

  • cookies.ts: deleteCookie(), deleteChunkedCookie(), setChunkedCookie() accept optional rawHeaders param; emit dual deletion headers when domain configured
  • abstract-session-store.ts: Updated set()/delete() signatures with rawHeaders param
  • stateless-session-store.ts: Propagate rawHeaders to cookie functions
  • stateful-session-store.ts: Propagate rawHeaders to cookie functions
  • transaction-store.ts: Updated delete()/deleteAll() with rawHeaders param
  • auth-client.ts: Pass res.headers to all 12 session/transaction store call sites
  • client.ts: Pass rawHeaders in middleware and pages router paths

Testing

9 new flow tests covering dual-domain deletion behavior
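Worked illustration of the bug and the fix described above, added here as an example and not code from the SDK or this PR. It models a browser cookie jar keyed by (name, domain, path) as RFC 6265 requires, reproduces the constructed scenario of a session cookie first set host-only and then set with Domain=.example.com, and shows that a single domain-scoped deletion leaves the host-only orphan while the dual deletion clears both. The cookie name __session, the host app.example.com and the helper names CookieJar, deletionHeaders and simulate are assumptions for the example.

```typescript
// Added example (not nextjs-auth0 code): RFC 6265 cookie identity is
// (name, domain, path); a deletion header only evicts the exact match.

interface StoredCookie {
  name: string;
  domain: string; // request host for host-only cookies, Domain attribute otherwise
  path: string;
  value: string;
  hostOnly: boolean;
}

// Parse one Set-Cookie header value into name/value plus lower-cased attributes.
function parseSetCookie(header: string): { name: string; value: string; attrs: Map<string, string> } {
  const parts = header.split(';').map((s) => s.trim());
  const pair = parts[0];
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? '' : pair.slice(eq + 1);
  const attrs = new Map<string, string>();
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const k = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    const v = i === -1 ? '' : part.slice(i + 1);
    attrs.set(k, v);
  }
  return { name, value, attrs };
}

// Minimal cookie jar for a single request host (assumed helper). Mirrors
// RFC 6265 5.3: a new cookie replaces an old one only when (name, domain, path)
// all match, and Max-Age=0 evicts only that exact cookie.
class CookieJar {
  private readonly host: string;
  private cookies = new Map<string, StoredCookie>();

  constructor(host: string) {
    this.host = host.toLowerCase();
  }

  private key(name: string, domain: string, path: string): string {
    return `${name}|${domain}|${path}`;
  }

  // Apply one Set-Cookie header as a browser would for a response from this.host.
  apply(header: string): void {
    const { name, value, attrs } = parseSetCookie(header);
    const rawDomain = attrs.get('domain');
    // RFC 6265 5.2.3: a leading dot is ignored; no Domain attribute means host-only.
    const domain = rawDomain ? rawDomain.replace(/^\./, '').toLowerCase() : this.host;
    const path = attrs.get('path') ?? '/';
    const k = this.key(name, domain, path);
    const maxAge = attrs.get('max-age');
    if (maxAge !== undefined && Number(maxAge) <= 0) {
      this.cookies.delete(k); // expired: evict the matching variant only
      return;
    }
    this.cookies.set(k, { name, domain, path, value, hostOnly: !rawDomain });
  }

  // What the browser would send back on the next request.
  cookieHeader(): string {
    return [...this.cookies.values()].map((c) => `${c.name}=${c.value}`).join('; ');
  }

  count(): number {
    return this.cookies.size;
  }
}

// Deletion headers as the PR describes: with a domain configured, emit both a
// domain-scoped and a host-only deletion so either variant is cleared.
function deletionHeaders(name: string, domain?: string, path = '/'): string[] {
  const hostOnly = `${name}=; Path=${path}; Max-Age=0`;
  if (!domain) return [hostOnly];
  return [`${name}=; Domain=${domain}; Path=${path}; Max-Age=0`, hostOnly];
}

// Constructed scenario: __session was first set host-only, then the deployment
// switched to AUTH0_COOKIE_DOMAIN=.example.com. Returns cookies left after logout.
function simulate(dual: boolean): number {
  const jar = new CookieJar('app.example.com');
  jar.apply('__session=v1; Path=/; HttpOnly; Secure'); // old config, host-only
  jar.apply('__session=v2; Domain=.example.com; Path=/; HttpOnly; Secure'); // new config
  // Both variants now coexist; the browser sends "__session=v1; __session=v2".
  const headers = dual
    ? deletionHeaders('__session', '.example.com')
    : ['__session=; Domain=.example.com; Path=/; Max-Age=0']; // pre-fix behaviour
  for (const h of headers) jar.apply(h);
  return jar.count();
}

// simulate(false) -> 1 (host-only orphan survives); simulate(true) -> 0
```

The same accumulation happens in the opposite direction (domain-scoped cookie set first, host-only later), which is why the fix emits both headers unconditionally whenever a domain is configured rather than trying to guess which variant the browser holds.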

@tusharpandey13 tusharpandey13 requested a review from a team as a code owner December 12, 2025 13:03
@tusharpandey13 tusharpandey13 changed the title bugfix: ensure cookies are deleted for both domain and host-only bugfix: prevent cookie accumulation when domain config varies Dec 12, 2025
@tusharpandey13 tusharpandey13 changed the title bugfix: prevent cookie accumulation when domain config varies fix: prevent cookie accumulation when domain config varies Dec 12, 2025
@tusharpandey13 tusharpandey13 changed the title fix: prevent cookie accumulation when domain config varies fix: Prevent cookie accumulation when domain config varies Dec 12, 2025
@codecov-commenter
Codecov Report

❌ Patch coverage is 96.17225% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 91.13%. Comparing base (f435994) to head (5e56ff1).

Files with missing lines                           Patch %   Lines
src/server/client.ts                               79.41%    7 Missing ⚠️
src/server/session/stateless-session-store.ts      91.66%    1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2462      +/-   ##
==========================================
+ Coverage   90.99%   91.13%   +0.14%     
==========================================
  Files          39       39              
  Lines        4520     4661     +141     
  Branches      939      945       +6     
==========================================
+ Hits         4113     4248     +135     
- Misses        401      407       +6     
  Partials        6        6              
