closes #4054

src/controllers/accounts/session.js

@@ -1,9 +1,9 @@
 'use strict';
 
-var async = require('async'),
+var async = require('async');
 
-	user = require('../../user'),
-	db = require('../../database');
+var db = require('../../database');
+var user = require('../../user');
 
 var sessionController = {};
 
@@ -15,21 +15,30 @@ sessionController.revoke = function(req, res, next) {
 	var _id;
 
 	async.waterfall([
-		async.apply(db.getObjectField, 'uid:' + req.uid + ':sessionUUID:sessionId', req.params.uuid),
-		function(sessionId, next) {
-			if (!sessionId) {
+		function (next) {
+			db.getSortedSetRange('uid:' + req.uid + ':sessions', 0, -1, next);
+		},
+		function (sids, done) {
+			async.eachSeries(sids, function(sid, next) {
+				db.sessionStore.get(sid, function(err, sessionObj) {
+					if (err) {
+						return next(err);
+					}
+					if (sessionObj && sessionObj.meta && sessionObj.meta.uuid === req.params.uuid) {
+						_id = sid;
+						done();
+					} else {
+						next();
+					}
+				});
+			}, next);
+		},
+		function (next) {
+			if (!_id) {
 				return next(new Error('[[error:no-session-found]]'));
 			}
 
-			_id = sessionId;
-			db.isSortedSetMember('uid:' + req.uid + ':sessions', sessionId, next)
-		},
-		function(isMember, next) {
-			if (isMember) {
-				user.auth.revokeSession(_id, req.uid, next);
-			} else {
-				next(new Error('[[error:no-session-found]]'));
-			}
+			user.auth.revokeSession(_id, req.uid, next);
 		}
 	], function(err) {
 		if (err) {

src/user/auth.js

@@ -71,11 +71,11 @@ module.exports = function(User) {
 
 		async.waterfall([
 			async.apply(db.getSortedSetRange, 'uid:' + uid + ':sessions', 0, -1),
-			function(sids, next) {
+			function (sids, next) {
 				_sids = sids;
 				async.map(sids, db.sessionStore.get.bind(db.sessionStore), next);
 			},
-			function(sessions, next) {
+			function (sessions, next) {
 				sessions.forEach(function(sessionObj, idx) {
 					if (sessionObj && sessionObj.meta) {
 						sessionObj.meta.current = curSessionId === _sids[idx];
@@ -87,16 +87,16 @@ module.exports = function(User) {
 					expired;
 
 				sessions = sessions.filter(function(sessionObj, idx) {
-					expired = !sessionObj || !sessionObj.hasOwnProperty('passport')
-						|| !sessionObj.passport.hasOwnProperty('user')
-						|| parseInt(sessionObj.passport.user, 10) !== parseInt(uid, 10);
+					expired = !sessionObj || !sessionObj.hasOwnProperty('passport') ||
+						!sessionObj.passport.hasOwnProperty('user')	||
+						parseInt(sessionObj.passport.user, 10) !== parseInt(uid, 10);
 
 					if (expired) {
 						expiredSids.push(_sids[idx]);
 					}
 
 					return !expired;
-				}, [])
+				});
 
 				async.each(expiredSids, function(sid, next) {
 					User.auth.revokeSession(sid, uid, next);
@@ -104,7 +104,7 @@ module.exports = function(User) {
 					next(null, sessions);
 				});
 			}
-		], function(err, sessions) {
+		], function (err, sessions) {
 			callback(err, sessions ? sessions.map(function(sessObj) {
 				sessObj.meta.datetimeISO = new Date(sessObj.meta.datetime).toISOString();
 				return sessObj.meta;