Merge pull request #5151 from mslourens/prevent_multiple_sessions

invalidate sessions before login
This commit is contained in:
Martin McKeaveney 2022-04-06 22:18:17 +01:00 committed by GitHub
commit bff43d37d5
1 changed files with 3 additions and 0 deletions

View File

@ -15,6 +15,9 @@ function makeSessionID(userId, sessionId) {
} }
exports.createASession = async (userId, session) => { exports.createASession = async (userId, session) => {
// invalidate all other sessions
await this.invalidateSessions(userId)
const client = await redis.getSessionClient() const client = await redis.getSessionClient()
const sessionId = session.sessionId const sessionId = session.sessionId
if (!session.csrfToken) { if (!session.csrfToken) {