SK-Redis-SessionManager icon indicating copy to clipboard operation
SK-Redis-SessionManager copied to clipboard
verified publisher icon etherCorps

Session ID cleanup on delete

Open yayza opened this issue 1 year ago • 1 comments

Since createSession always adds the session ID to the user set in redis, shouldn't it also always remove it in deleteSession? At the moment deleteSession userId is initialized to null, so this part never gets checked unless I explicitily add the user's ID (had to look at the lib code to figure out why I had so many sessions even when using deleteSession/deleteCookie but they would clean up if I used deleteSessionByUserId):

if (userId) {
	const redisPipeline = this.redisClient.pipeline();
	redisPipeline.del(prefixedSessionKey);
	redisPipeline.srem(getUserSessionKey(this.userSessionsPrefix, userId), sessionId);
	await redisPipeline.exec();
} else {
	await this.redisClient.del(prefixedSessionKey);
}

Maybe i'm overlooking another reason for checking for userId

yayza avatar Sep 01 '24 20:09 yayza

@yayza Ohk, I need to take a look at this on the weekend.

theetherGit avatar Sep 04 '24 06:09 theetherGit