From fdba7d4515405ae0d6497e3a73b0b24f076cd80f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mi=C5=A1a=20Stefanovi=C4=87?=
 <40996107+MikMik1011@users.noreply.github.com>
Date: Tue, 31 Dec 2024 05:08:13 +0100
Subject: [PATCH] fix(session): use subquery for deleting excess sessions
 (#116)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Aleksa Siriški <31509435+aleksasiriski@users.noreply.github.com>
---
 src/lib/server/db/session.ts | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/lib/server/db/session.ts b/src/lib/server/db/session.ts
index 153ce7b..6343ff2 100644
--- a/src/lib/server/db/session.ts
+++ b/src/lib/server/db/session.ts
@@ -106,7 +106,7 @@ export async function invalidateExcessSessions(userId: number): Promise<void> {
 		throw new Error('Invalid userId');
 	}
 
-	const newestSessions = await db
+	const newestSessions = db
 		.select({
 			id: sessionTable.id
 		})
@@ -115,11 +115,9 @@ export async function invalidateExcessSessions(userId: number): Promise<void> {
 		.orderBy(desc(sessionTable.timestamp))
 		.limit(maxActiveSessions);
 
-	const sessionIdsToKeep = newestSessions.map((session) => session.id);
-
 	await db
 		.delete(sessionTable)
-		.where(and(eq(sessionTable.userId, userId), notInArray(sessionTable.id, sessionIdsToKeep)));
+		.where(and(eq(sessionTable.userId, userId), notInArray(sessionTable.id, newestSessions)));
 }
 
 export type SessionValidationResult =