fix: move database call used to associate a NodeBB session UUID to its express session id into user.auth.addSession, which is the only time it is called

1 year ago · e1bced8c2c
parent 9dc9d5ef54
commit e1bced8c2c
2 changed files with 6 additions and 6 deletions
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@ -379,15 +379,12 @@ authenticationController.onSuccessfulLogin = async function (req, uid) {
 			new Promise((resolve) => {
 				req.session.save(resolve);
 			}),
-			user.auth.addSession(uid, req.sessionID),
+			user.auth.addSession(uid, req.sessionID, uuid),
 			user.updateLastOnlineTime(uid),
 			user.onUserOnline(uid, Date.now()),
 			analytics.increment('logins'),
 			db.incrObjectFieldBy('global', 'loginCount', 1),
 		]);
 		if (uid > 0) {
 			await db.setObjectField(`uid:${uid}:sessionUUID:sessionId`, uuid, req.sessionID);
 		}
 		// Force session check for all connected socket.io clients with the same session id
 		sockets.in(`sess_${req.sessionID}`).emit('checkSession', uid);
--- a/src/user/auth.js
+++ b/src/user/auth.js
@ -106,12 +106,15 @@ module.exports = function (User) {
 		await db.sortedSetRemove(`uid:${uid}:sessions`, expiredSids);
 	}
-	User.auth.addSession = async function (uid, sessionId) {
+	User.auth.addSession = async function (uid, sessionId, uuid) {
 		if (!(parseInt(uid, 10) > 0)) {
 			return;
 		}
 		await cleanExpiredSessions(uid);
-		await db.sortedSetAdd(`uid:${uid}:sessions`, Date.now(), sessionId);
+		await Promise.all([
 			db.sortedSetAdd(`uid:${uid}:sessions`, Date.now(), sessionId),
 			db.setObjectField(`uid:${uid}:sessionUUID:sessionId`, uuid, sessionId),
 		]);
 		await revokeSessionsAboveThreshold(uid, meta.config.maxUserSessions);
 	};