Skip to content

fix(auth): properly delete user session on logout (#16061)#16165

Open
deepshekhardas wants to merge 1 commit intopayloadcms:mainfrom
deepshekhardas:fix/16061-logout-delete-session
Open

fix(auth): properly delete user session on logout (#16061)#16165
deepshekhardas wants to merge 1 commit intopayloadcms:mainfrom
deepshekhardas:fix/16061-logout-delete-session

Conversation

@deepshekhardas
Copy link
Copy Markdown
Contributor

@deepshekhardas deepshekhardas commented Apr 3, 2026

Description

Fixes #16061 - Logout doesn't delete the current user session

Problem

Logout was not properly deleting the current user session. Sessions were piling up in the users_sessions table because the code was trying to access
eq?.user?._sid instead of user._sid.

Root Cause

The code used
eq?.user?._sid which was undefined. The user object from the destructured
eq already contains _sid set by the JWT strategy.

Solution

  • Changed logout.ts to use user._sid directly
  • Added _sid to AuthStrategyResult type definition for proper TypeScript support

Changes

  • packages/payload/src/auth/operations/logout.ts: Use user._sid instead of
    eq?.user?._sid
  • packages/payload/src/auth/types.ts: Add _sid to AuthStrategyResult type

Testing

  • Verified that logout now properly removes the current session from the database

fix(auth): properly delete user session on logout (payloadcms#16061)
5e35f62 
Fixed logout not deleting the current user session due to accessing _sid from wrong object.

- Use user._sid directly instead of req?.user?._sid

- Add _sid to AuthStrategyResult type definition

Fixes payloadcms#16061
@deepshekhardas deepshekhardas mentioned this pull request Apr 3, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@deepshekhardas