Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session ID cleanup on delete #10

Open
yayza opened this issue Sep 1, 2024 · 1 comment
Open

Session ID cleanup on delete #10

yayza opened this issue Sep 1, 2024 · 1 comment

Comments

@yayza
Copy link
Contributor

yayza commented Sep 1, 2024
edited
Loading

Since createSession always adds the session ID to the user set in redis, shouldn't it also always remove it in deleteSession? At the moment deleteSession userId is initialized to null, so this part never gets checked unless I explicitily add the user's ID (had to look at the lib code to figure out why I had so many sessions even when using deleteSession/deleteCookie but they would clean up if I used deleteSessionByUserId):

if (userId) {
	const redisPipeline = this.redisClient.pipeline();
	redisPipeline.del(prefixedSessionKey);
	redisPipeline.srem(getUserSessionKey(this.userSessionsPrefix, userId), sessionId);
	await redisPipeline.exec();
} else {
	await this.redisClient.del(prefixedSessionKey);
}

Maybe i'm overlooking another reason for checking for userId
@theetherGit
Copy link
Contributor

@yayza Ohk, I need to take a look at this on the weekend.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@theetherGit @yayza