willdot.net / statusphere-go
An implementation of the ATProto statusphere example app but in Go
fork atom

Auth - logging in when a session already exists for DID #2

open
opened by willdot.net edited

Sometimes when logging into the app, if that DID had previously already logged in before and the session has expired, the user will need to log out and log back in again.

This is due to the way the database table oauthsessions has been created incorrectly to restrict one session per DID using a unique constraint on the accountDID field. Instead the constraint should be on accountDID and sessionID so that new sessions can be created and a user can have multiple sessions (logged into different devices etc)

Also, this bug is caught when trying to create a status and instead of redirecting to the login screen, it displays a message.

Things to do:

  • Update the unique constraint on the oauthsessions table to be accountDID and sessionID and update the save session SQL query to reflect that constraint
  • Redirect to login screen when user tries to post with invalid session
sign up or login to add to the discussion
Labels
good-first-issue
Participants 1
AT URI
at://did:plc:dadhhalkfcq3gucaq25hjqon/sh.tangled.repo.issue/3m2nwyxewno22