
Commit 101010c

committed
Review fixes
1 parent 49513e1 commit 101010c

2 files changed

Lines changed: 25 additions & 14 deletions


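--- a/src/routes/admin/me_sessions.rs
+++ b/src/routes/admin/me_sessions.rs
@@ -61,11 +61,16 @@ pub async fn list(
 let session_store = get_session_store(&state)?;
 let enhanced_enabled = session_store.is_enhanced_enabled();
 
-// Extract current session ID from cookie so the UI can highlight it
-let session_config = state.config.auth.session_config_or_default();
-let current_session_id = cookies
-.get(&session_config.cookie_name)
-.and_then(|c| c.value().parse::<Uuid>().ok());
+// Extract current session ID from cookie so the UI can highlight it.
+// Only include when enhanced sessions are enabled to avoid leaking the session UUID.
+let current_session_id = if enhanced_enabled {
+let session_config = state.config.auth.session_config_or_default();
+cookies
+.get(&session_config.cookie_name)
+.and_then(|c| c.value().parse::<Uuid>().ok())
+} else {
+None
+};
 
 let sessions = session_store
 .list_user_sessions(external_id)
@@ -140,14 +145,14 @@ pub async fn delete_one(
 }
 };
 
-let sessions_revoked = match session_store.delete_session(session_id).await {
-Ok(_) if session_existed => 1,
-Ok(_) => 0,
-Err(e) => {
-return Err(AdminError::Internal(format!(
-"Failed to delete session: {e}"
-)));
-}
+let sessions_revoked = if !session_existed {
+0
+} else {
+session_store
+.delete_session(session_id)
+.await
+.map_err(|e| AdminError::Internal(format!("Failed to delete session: {e}")))?;
+1
 };
 
 if session_existed {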
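Review bot: The new comment in `list` treats the session UUID as a value that must not leak, yet when `enhanced_enabled` is true the value parsed from the session cookie is still returned to the UI as `current_session_id`. If that UUID is the credential the cookie carries (it looks that way from `c.value().parse::<Uuid>()`, but the cookie format is not visible here), putting it in a response body makes it readable by page script even when the cookie is HttpOnly. Consider doing the comparison in the handler and exposing only a per-entry boolean such as `is_current` on each listed session (name assumed), then extend the comment to say why the raw ID is never returned. In `delete_one`, `sessions_revoked` is `1` whenever the earlier lookup found the session, so a revocation that races between that lookup and `delete_session` is still counted as revoked by this call. Both function bodies start and end outside the hunks, so the response shape and the lookup itself could not be checked.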

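--- a/ui/src/pages/AccountPage.tsx
+++ b/ui/src/pages/AccountPage.tsx
@@ -75,7 +75,11 @@ export default function AccountPage() {
 });
 
 // Sessions
-const { data: sessions, isLoading: sessionsLoading } = useQuery(meSessionsListOptions());
+const {
+data: sessions,
+isLoading: sessionsLoading,
+isError: sessionsError,
+} = useQuery(meSessionsListOptions());
 
 const deleteSessionMutation = useMutation({
 ...meSessionsDeleteOneMutation(),
@@ -306,6 +310,8 @@ export default function AccountPage() {
 <Skeleton className="h-24 w-full" />
 <Skeleton className="h-24 w-full" />
 </div>
+) : sessionsError ? (
+<p className="text-sm text-destructive">Failed to load sessions. Please try again.</p>
 ) : sessions?.enhanced_enabled === false ? (
 <p className="text-sm text-muted-foreground">
 Session tracking is not enabled for this deployment.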
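Review bot: The new `sessionsError` branch tells the user to try again but adds no control for doing so, so a user who wants to review or revoke sessions after a failed load has to reload the page. `useQuery` also returns `refetch`; destructuring it as `refetch: refetchSessions` and rendering `<button type="button" onClick={() => refetchSessions()}>Retry</button>` beside the message would make the text actionable. Adding `role="alert"` to the `<p>` would let assistive technology announce the failure. The JSX ternary this branch belongs to starts and ends outside the hunk.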
