From d46740f86057317641101086b57d8da773b83c57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Mon, 30 Nov 2020 15:05:26 -0500
Subject: [PATCH] fix: #9007 revoke old sessions after adding

---
 src/user/auth.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/user/auth.js b/src/user/auth.js
index 0a38609215..fdf318d156 100644
--- a/src/user/auth.js
+++ b/src/user/auth.js
@@ -107,8 +107,8 @@ module.exports = function (User) {
 			return;
 		}
 		await cleanExpiredSessions(uid);
-		await revokeSessionsAboveThreshold(uid, meta.config.maxUserSessions);
 		await db.sortedSetAdd('uid:' + uid + ':sessions', Date.now(), sessionId);
+		await revokeSessionsAboveThreshold(uid, meta.config.maxUserSessions);
 	};
 
 	async function revokeSessionsAboveThreshold(uid, maxUserSessions) {