Closed enescakir closed 3 months ago
Looks good, thanks for the patch!
@jeremyevans would you be willing to cut a release that includes this soon? This will allow me to apply a clean-up (which I had initially tried to resolve in #137):
diff --git a/app/core/authentication/rodauth_common.rb b/app/core/authentication/rodauth_common.rb
index 4458d0344..5a195f4f8 100644
--- a/app/core/authentication/rodauth_common.rb
+++ b/app/core/authentication/rodauth_common.rb
@@ -374,14 +374,7 @@ module Authentication
super() if defined?(super)
transaction do
- # Expire all active sessions
- #
- # Unfortunately, can't use `remove_all_active_sessions` as it tries to read account_id from session, but we are
- # not logged in. See https://github.com/jeremyevans/rodauth/pull/137
- db[active_sessions_table]
- .where(active_sessions_account_id_column => account_id)
- .delete
-
+ remove_all_active_sessions
disable_remember_login # expire all remember tokens
end
end
Sure, I can work on a release. Sorry about the delay.
When
active_sessions_ds
usessession_value
to select active sessions, it doesn't return the sessions for not-logged in users. This makes helpers likeremove_all_active_sessions
ineffective. In such situations, we can useaccount_id
as a fallback to select the active session.