Skip to content

Auth refactor 5/10 — Centralized session-cache eviction in the auth service #48

Description

@pranavp10

This ticket was generated by AI (to-tickets) from #43.

Parent

#43

What to build

Make session revocation near-instant instead of purely TTL-bound. Since there is one shared Redis across all services, eviction is centralized in the auth service (the owner of the relevant lifecycle events) rather than duplicated across every service's plugin. On logout, evict that single session-token entry; on password-change or organization-switch, read the per-user index and evict the whole set.

This is independent of service migration — migrated services get 5s-TTL revocation until this lands, then near-instant afterward.

Acceptance criteria

  • Auth service subscribes to logout / password-change / organization-switch events
  • Logout evicts the specific session-token cache entry
  • Password-change and org-switch evict all of the user's session tokens via the per-user index
  • Uses the shared key convention owned by the middleware package (no divergent keys)
  • Tests drive each event and assert the session-token key + user-index entries are gone from Redis
  • Tripwire (Auth refactor 1/10 — Test harness + characterization tripwire #44) still passes

Blocked by

Metadata

Metadata

Assignees

Labels

ready-for-agentFully specified, ready for an AFK agent

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions