Merge pull request #5151 from mslourens/prevent_multiple_sessions
invalidate sessions before login
This commit is contained in:
commit
bff43d37d5
|
@ -15,6 +15,9 @@ function makeSessionID(userId, sessionId) {
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.createASession = async (userId, session) => {
|
exports.createASession = async (userId, session) => {
|
||||||
|
// invalidate all other sessions
|
||||||
|
await this.invalidateSessions(userId)
|
||||||
|
|
||||||
const client = await redis.getSessionClient()
|
const client = await redis.getSessionClient()
|
||||||
const sessionId = session.sessionId
|
const sessionId = session.sessionId
|
||||||
if (!session.csrfToken) {
|
if (!session.csrfToken) {
|
||||||
|
|
Loading…
Reference in New Issue