This ticket was generated by AI (to-tickets) from #43.
Parent
#43
What to build
Make session revocation near-instant instead of purely TTL-bound. Since there is one shared Redis across all services, eviction is centralized in the auth service (the owner of the relevant lifecycle events) rather than duplicated across every service's plugin. On logout, evict that single session-token entry; on password-change or organization-switch, read the per-user index and evict the whole set.
This is independent of service migration — migrated services get 5s-TTL revocation until this lands, then near-instant afterward.
Acceptance criteria
Blocked by
Parent
#43
What to build
Make session revocation near-instant instead of purely TTL-bound. Since there is one shared Redis across all services, eviction is centralized in the auth service (the owner of the relevant lifecycle events) rather than duplicated across every service's plugin. On logout, evict that single session-token entry; on password-change or organization-switch, read the per-user index and evict the whole set.
This is independent of service migration — migrated services get 5s-TTL revocation until this lands, then near-instant afterward.
Acceptance criteria
Blocked by