From a43eef283c34754378ac7c5a2cceae523e4808bc Mon Sep 17 00:00:00 2001
From: barisusakli
Date: Wed, 23 Dec 2015 18:22:32 +0200
Subject: [PATCH] store user sessionId mapping per user
---
 src/controllers/accounts/session.js | 2 +-
 src/controllers/authentication.js | 2 +-
 src/user/auth.js | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/controllers/accounts/session.js b/src/controllers/accounts/session.js
index 97529df09b..d8342d5560 100644
--- a/src/controllers/accounts/session.js
+++ b/src/controllers/accounts/session.js
@@ -15,7 +15,7 @@ sessionController.revoke = function(req, res, next) {
 var _id;
 async.waterfall([
- async.apply(db.getObjectField, 'sessionUUID:sessionId', req.params.uuid),
+ async.apply(db.getObjectField, 'uid:' + req.uid + ':sessionUUID:sessionId', req.params.uuid),
 function(sessionId, next) {
 if (!sessionId) {
 return next(new Error('[[error:no-session-found]]'));
diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index cabb25b79d..1ffee1c896 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -197,7 +197,7 @@ function continueLogin(req, res, next) {
 // Associate login session with user
 user.auth.addSession(userData.uid, req.sessionID);
- db.setObjectField('sessionUUID:sessionId', uuid, req.sessionID);
+ db.setObjectField('uid:' + userData.uid + 'sessionUUID:sessionId', uuid, req.sessionID);
 plugins.fireHook('action:user.loggedIn', userData.uid);
 }
diff --git a/src/user/auth.js b/src/user/auth.js
index 567e4b2baa..2a6f0c7f54 100644
--- a/src/user/auth.js
+++ b/src/user/auth.js
@@ -89,7 +89,7 @@ module.exports = function(User) {
 expired = !sessionObj || !sessionObj.hasOwnProperty('passport') || !sessionObj.passport.hasOwnProperty('user') || parseInt(sessionObj.passport.user, 10) !== parseInt(uid, 10);
-
+
 if (expired) {
 expiredSids.push(_sids[idx]);
 }
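Review bot: In `sessionController.revoke`, the hash name built from `req.uid` is now the only thing tying the supplied `req.params.uuid` to the caller, and that deserves a comment next to the lookup, e.g. `// key is scoped to req.uid: a uuid from another account resolves to no session`. Mappings written before this commit sit in the old global `sessionUUID:sessionId` hash, and the patch touches no upgrade script. Sessions that predate it would therefore presumably fail here with `[[error:no-session-found]]`, and the old hash would never be cleaned up, so a one-off migration or cleanup is worth confirming. The waterfall continues outside the hunk.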
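Review bot: The key written in `continueLogin` is missing the colon before `sessionUUID`, so it does not match the `'uid:' + uid + ':sessionUUID:sessionId'` form used by the read in `src/controllers/accounts/session.js` and the delete in `src/user/auth.js`. As written, a mapping stored at login is never found, so revoking a session by uuid would fail with `[[error:no-session-found]]` and the stored entries are never removed. The line should read `db.setObjectField('uid:' + userData.uid + ':sessionUUID:sessionId', uuid, req.sessionID);`, and building the key in one shared helper would keep the three call sites from drifting again. The call also passes no callback, so a failed write goes unnoticed. `continueLogin` starts and ends outside the hunk.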
@@ -121,7 +121,7 @@ module.exports = function(User) {
 db.sessionStore.get(sessionId, function(err, sessionObj) {
 async.parallel([
- async.apply(db.deleteObjectField, 'sessionUUID:sessionId', sessionObj.meta.uuid),
+ async.apply(db.deleteObjectField, 'uid:' + uid + ':sessionUUID:sessionId', sessionObj.meta.uuid),
 async.apply(db.sortedSetRemove, 'uid:' + uid + ':sessions', sessionId),
 async.apply(db.sessionStore.destroy.bind(db.sessionStore), sessionId)
 ], callback);
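Review bot: `sessionObj.meta.uuid` is read in the `db.sessionStore.get` callback without checking `err` or whether `sessionObj` exists, although the expiry check earlier in this file treats a missing `sessionObj` as a normal case. If the store no longer holds the session, building the task list throws before `db.sortedSetRemove` and `destroy` are scheduled, so `callback` never fires and the stale id stays in the user's `:sessions` sorted set. I would return early on `err` and add the `deleteObjectField` task only when a uuid is present, as sketched below. The enclosing function starts above the hunk and the callback is closed outside it.

```javascript
db.sessionStore.get(sessionId, function(err, sessionObj) {
	if (err) {
		return callback(err);
	}

	var tasks = [
		// … unchanged: sortedSetRemove and sessionStore.destroy tasks …
	];

	// A session that has already left the store has no uuid mapping to look up
	if (sessionObj && sessionObj.meta && sessionObj.meta.uuid) {
		tasks.push(async.apply(db.deleteObjectField, 'uid:' + uid + ':sessionUUID:sessionId', sessionObj.meta.uuid));
	}

	async.parallel(tasks, callback);
```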