From a32d8d6492c5b270ddf2ac901071031c573b9669 Mon Sep 17 00:00:00 2001 From: kolaente Date: Fri, 12 Jun 2026 11:05:14 +0200 Subject: [PATCH] fix(auth): roll back on commit failure in DeleteSession Restore the rollback-on-commit-failure that v1's Logout handler had before this session-deletion logic was extracted, so a failed commit does not leave the transaction open longer than the deferred Close. --- pkg/routes/api/shared/auth.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/routes/api/shared/auth.go b/pkg/routes/api/shared/auth.go index acfa47ce0..d43deb358 100644 --- a/pkg/routes/api/shared/auth.go +++ b/pkg/routes/api/shared/auth.go @@ -200,7 +200,12 @@ func DeleteSession(sid string) error { return err } - return s.Commit() + if err := s.Commit(); err != nil { + _ = s.Rollback() + return err + } + + return nil } // ResetPassword resets a user's password from a previously issued reset token