session cookie is being set even if request fails

[manumrtf]

this is the code of my controller

 public async register(ctx: HttpContextContract) {
    await ctx.request.validate(RegisterUserValidator)
    const user = new User()
    user.email = ctx.request.input('email')
    user.username = ctx.request.input('username')
    user.password = ctx.request.input('password')
    user.rol = Rol.SUPERUSER
    const organization = new Organization()
    organization.name = ctx.request.input('organization')
    await user.save()
    await user.related('organization').associate(organization)
    await ctx.auth.use('web').login(user)
  }

[thetutlage]

Sessions and auth are two different things. You can use session without auth as well and hence the session cookie is created when your app is using the session module. https://docs.adonisjs.com/guides/session