Skip to content

Fix session invalidation on logout and revoke-device bug#65

Merged
Tyjfre-j merged 13 commits into
developfrom
Fix
Jul 16, 2026
Merged

Fix session invalidation on logout and revoke-device bug#65
Tyjfre-j merged 13 commits into
developfrom
Fix

Conversation

@Tyjfre-j

Copy link
Copy Markdown
Collaborator

Changes

  • db/queries/session.sql (+ regenerated session.py): removed unscoped GetSessionByDevice, added GetSessionByDeviceForUser (scoped by device + user) and DeleteSessionById (scoped by session + user)
  • app/service/users.pylogout() now deletes the Redis session cache and the DB session row, not just the unrelated UserSessionByUser key
  • app/router/mobile/auth.pyrevoke_device() now checks device ownership before touching anything, uses the new scoped session query, and fetches the session before the cascading DB delete removes it

@Tyjfre-j
Tyjfre-j merged commit 8076846 into develop Jul 16, 2026
2 checks passed
@Tyjfre-j
Tyjfre-j deleted the Fix branch July 16, 2026 22:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant