[BUG] Typehinting session parameter pulls in query parameters #845

@sd-scriba

Describe the bug
If you type hint the session parameter in a route function, query parameters from the request get added to the session. Remove the type hinting and the query parameters don't get added.

In v0.12.44, the change "Add all HTTP request param handling to websockets too" refactored the parameter handling functions. The key problematic line introduced is in _find_ps:

async def _find_ps(conn, data, hdrs, params):
    if conn.query_params: data |= dict(conn.query_params)  # <-- merges query params into data
    ...

This merges all query parameters into the data dict before any handler parameters are resolved. The problem occurs in _find_p when it processes a session parameter — if the session type is treated as a body type (dict or similar), the contaminated data dict (now containing query params) gets used to populate it.

The session then ends up containing all query parameters, which gets serialized into the cookie by Starlette's SessionMiddleware, blowing past the cookie size limit and causing the session to be cleared on every request.

Minimal Reproducible Example
Provide a minimal code snippet that reproduces the issue. This is crucial for us to understand and fix the bug quickly.

from fasthtml.common import APIRouter, Request

router = APIRouter()

@router("/broken", ["GET"])
def get_video(request: Request, session: dict):
    # session will contain any query parameters from the request.
    return str(session)

@router("/works", ["GET"])
def get_video(request: Request, session):
    # session will not contain query parameters from the request.
    return str(session)

Expected behavior
I wouldn't expect typing the session parameter to change what's provided in the session parameter.

Environment Information
Please provide the following version information:

  • fastlite version: 0.2.4
  • fastcore version: 1.12.26
  • fasthtml version: >=0.12.44

Confirmation
Please confirm the following:

  • I have read the FAQ (https://docs.fastht.ml/explains/faq.html)
  • I have provided a minimal reproducible example
  • I have included the versions of fastlite, fastcore, and fasthtml
  • I understand that this is a volunteer open source project with no commercial support.
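
A toy model of the behaviour reported above, added here as an illustration and not taken from fasthtml or from the reporter: `resolve_args`, `reserve_session`, the 4096-byte limit and the sample query string are assumptions. It shows query keys reaching a `dict`-annotated `session`, the resulting cookie payload size, and a resolver order that handles `session` by name before looking at the annotation.

```python
import base64, inspect, json
from urllib.parse import parse_qsl

COOKIE_LIMIT = 4096  # assumed per-cookie size limit in bytes (common browser value)

def resolve_args(handler, query_string, session, reserve_session=False):
    """Toy argument resolver modelling the behaviour reported above (not fasthtml code)."""
    data = dict(parse_qsl(query_string))  # query params merged into shared data first
    args = {}
    for name, param in inspect.signature(handler).parameters.items():
        if name == "session" and (reserve_session or param.annotation is not dict):
            args[name] = session          # resolved by name: data is never consulted
        elif param.annotation is dict:
            # Body-type path: a dict-annotated parameter is populated from data.
            # Assumption: for "session" the populated object is the live session.
            target = session if name == "session" else {}
            target.update(data)
            args[name] = target
        else:
            args[name] = data.get(name)
    return args

def cookie_payload_size(session):
    """Approximate signed-cookie size: base64 of the JSON body, signature excluded."""
    return len(base64.b64encode(json.dumps(session).encode()))

def leaked_keys(before, after, query_string):
    """Query keys that appear in the session after the request but not before."""
    query = dict(parse_qsl(query_string))
    return sorted(k for k in query if k not in before and after.get(k) == query[k])

def check(handler, query_string, reserve_session=False):
    """Run one request through the toy resolver; return (leaked keys, payload size)."""
    before = {"user_id": 42}              # constructed pre-existing session
    session = dict(before)
    resolve_args(handler, query_string, session, reserve_session)
    return leaked_keys(before, session, query_string), cookie_payload_size(session)

def typed(request, session: dict): return session
def untyped(request, session): return session

QUERY = "page=2&q=" + "A" * 5000          # constructed request query string

if __name__ == "__main__":
    for label, handler, fixed in [("typed", typed, False), ("untyped", untyped, False),
                                  ("typed, session reserved", typed, True)]:
        leaked, size = check(handler, QUERY, fixed)
        print(f"{label}: leaked={leaked} size={size} over_limit={size > COOKIE_LIMIT}")
```

The same `leaked_keys` comparison can be turned into a regression test against a real app by reading the session before and after a request that carries query parameters.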
