From 5570aa71bea550cb8229cb8596d21e99effa2e37 Mon Sep 17 00:00:00 2001 From: Akhil Narang Date: Tue, 27 Aug 2024 17:58:20 +0530 Subject: [PATCH] fix(sessions): logout properly when user requests logout on password change Signed-off-by: Akhil Narang --- frappe/sessions.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/frappe/sessions.py b/frappe/sessions.py index 8c3f59fbaf..aa2c9831bc 100644 --- a/frappe/sessions.py +++ b/frappe/sessions.py @@ -49,24 +49,26 @@ def clear_sessions(user=None, keep_current=False, force=False): delete_session(sid, reason=reason) -def get_sessions_to_clear(user=None, keep_current=False): +def get_sessions_to_clear(user=None, keep_current=False, force=False): """Return sessions of the current user. Called at login / logout. :param user: user name (default: current user) :param keep_current: keep current session (default: false) + :param force: ignore simultaneous sessions count, log the user out of all except current (default: false) """ if not user: user = frappe.session.user offset = 0 - if user == frappe.session.user: + if not force and user == frappe.session.user: simultaneous_sessions = frappe.db.get_value("User", user, "simultaneous_sessions") or 1 offset = simultaneous_sessions session = frappe.qb.DocType("Sessions") session_id = frappe.qb.from_(session).where(session.user == user) if keep_current: - offset = max(0, offset - 1) + if not force: + offset = max(0, offset - 1) session_id = session_id.where(session.sid != frappe.session.sid) query = ( @@ -80,7 +82,7 @@ def delete_session(sid=None, user=None, reason="Session Expired"): from frappe.core.doctype.activity_log.feed import logout_feed if frappe.flags.read_only: - # This isn't manually initated logout, most likely user's cookies were expired in such case + # This isn't manually initiated logout, most likely user's cookies were expired in such case # we should just ignore it till database is back up again. return