store user sessionId mapping per user

2025-12-24 01:10:31 +01:00 · 2015-12-23 18:22:32 +02:00
parent b7e492363c
commit a43eef283c
3 changed files with 4 additions and 4 deletions
--- a/src/controllers/accounts/session.js
+++ b/src/controllers/accounts/session.js
@@ -15,7 +15,7 @@ sessionController.revoke = function(req, res, next) {
 	var _id;
 	async.waterfall([
-		async.apply(db.getObjectField, 'sessionUUID:sessionId', req.params.uuid),
+		async.apply(db.getObjectField, 'uid:' + req.uid + ':sessionUUID:sessionId', req.params.uuid),
 		function(sessionId, next) {
 			if (!sessionId) {
 				return next(new Error('[[error:no-session-found]]'));
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -197,7 +197,7 @@ function continueLogin(req, res, next) {
 					// Associate login session with user
 					user.auth.addSession(userData.uid, req.sessionID);
-					db.setObjectField('sessionUUID:sessionId', uuid, req.sessionID);
+					db.setObjectField('uid:' + userData.uid + 'sessionUUID:sessionId', uuid, req.sessionID);
 					plugins.fireHook('action:user.loggedIn', userData.uid);
 				}
--- a/src/user/auth.js
+++ b/src/user/auth.js
@@ -121,7 +121,7 @@ module.exports = function(User) {
 		db.sessionStore.get(sessionId, function(err, sessionObj) {
 			async.parallel([
-				async.apply(db.deleteObjectField, 'sessionUUID:sessionId', sessionObj.meta.uuid),
+				async.apply(db.deleteObjectField, 'uid:' + uid + ':sessionUUID:sessionId', sessionObj.meta.uuid),
 				async.apply(db.sortedSetRemove, 'uid:' + uid + ':sessions', sessionId),
 				async.apply(db.sessionStore.destroy.bind(db.sessionStore), sessionId)
 			], callback);