revokeSession method

Future<bool> revokeSession(Session session, { required UuidValue serverSideSessionId, Transaction? transaction, })

Removes the specified session and thus signs out its user on its device.

This does not affect the user's sessions on other devices. Returns true if the token was found and deleted, false otherwise.

If the session does not exist, this method will have no effect.

Automatically registers authentication revocation via session.messages.authenticationRevoked when the session is deleted. If this behavior is not desired, use AuthSessionsAdmin.deleteSessions instead.

Implementation

Future<bool> revokeSession(
  final Session session, {
  required final UuidValue serverSideSessionId,
  final Transaction? transaction,
}) async {
  // Delete the user session for the current device
  final serverSideSession = (await ServerSideSession.db.deleteWhere(
    session,
    where: (final row) => row.id.equals(serverSideSessionId),
    transaction: transaction,
  )).firstOrNull;

  if (serverSideSession == null) {
    return false;
  }

  // Notify the client about the revoked authentication for the specific
  // user session
  await session.messages.authenticationRevoked(
    serverSideSession.authUserId.uuid,
    RevokedAuthenticationAuthId(authId: serverSideSessionId.toString()),
  );

  return true;
}