sessions
Component Detail
Data Layer
low complexity
Shared Component
backend
0
Dependencies
0
Dependents
0
Entities
0
Integrations
Description
Data component managing the sessions table, which stores active and revoked session records with user identity, tenant association, token references, and last-activity timestamps. Provides query and mutation access patterns used by both the Auth Module and the Session Revocation Service.
sessions
Sources & reasoning
The sessions table is the authoritative store for session state. It is already present from the Email & Password Login feature but is explicitly required by this feature for admin-scoped queries and revocation writes. Marked shared because it is used by multiple features in the authentication area.
No source references — this artifact was included based on reasoning alone (see above).
Responsibilities
- Store session records with userId, tenantId, tokenHash, lastActivity, and revoked flag
- Support tenant-scoped queries for the active session list
- Persist revocation status and revocation timestamp
- Link to refresh_tokens table for full chain invalidation
Interfaces
findActiveByTenant(tenantId, pagination): Session[]
findByUser(userId): Session[]
markRevoked(sessionId, revokedAt, revokedByAdminId): void
markAllRevokedForUser(userId, tenantId): number
findById(sessionId): Session | null