Since createSession always adds the session ID to the user set in redis, shouldn't it also always remove it in deleteSession? At the moment deleteSession userId is initialized to null, so this part never gets checked unless I explicitily add the user's ID (had to look at the lib code to figure out why I had so many sessions even when using deleteSession/deleteCookie but they would clean up if I used deleteSessionByUserId):
if (userId) {
const redisPipeline = this.redisClient.pipeline();
redisPipeline.del(prefixedSessionKey);
redisPipeline.srem(getUserSessionKey(this.userSessionsPrefix, userId), sessionId);
await redisPipeline.exec();
} else {
await this.redisClient.del(prefixedSessionKey);
}
Maybe i'm overlooking another reason for checking for userId
Since
createSessionalways adds the session ID to the user set in redis, shouldn't it also always remove it indeleteSession? At the moment deleteSession userId is initialized to null, so this part never gets checked unless I explicitily add the user's ID (had to look at the lib code to figure out why I had so many sessions even when using deleteSession/deleteCookie but they would clean up if I used deleteSessionByUserId):Maybe i'm overlooking another reason for checking for userId