webui

Sabo/webui

Fork 0

Commit Graph

Author	SHA1	Message	Date
Cyprian Kowalczyk	fdf6ebfbe6	fix(auth): prune expired sessions on every verify to prevent memory leak (#196 ) * fix(auth): prune expired sessions on every verify to prevent memory leak The in-memory _sessions dict accumulated expired tokens indefinitely — entries were only removed when that specific token was verified. Add a lazy _prune_expired_sessions() call at the top of verify_session() so all expired entries are swept during normal traffic. Addresses #192. * test(auth): add 8 unit tests for session lifecycle and lazy pruning Tests verify: - Fresh session creation and validation - Expired entries are pruned during verify_session() calls - Valid sessions are never removed by pruning - Empty dict is safe for pruning - Session TTL matches expected 24-hour window - invalidate_session() actually removes the token - Invalidating non-existent tokens is safe	2026-04-09 18:05:23 -07:00

Author

SHA1

Message

Date

Cyprian Kowalczyk

fdf6ebfbe6

fix(auth): prune expired sessions on every verify to prevent memory leak (#196 )

* fix(auth): prune expired sessions on every verify to prevent memory leak

The in-memory _sessions dict accumulated expired tokens indefinitely —
entries were only removed when that specific token was verified. Add a
lazy _prune_expired_sessions() call at the top of verify_session() so
all expired entries are swept during normal traffic.

Addresses #192.

* test(auth): add 8 unit tests for session lifecycle and lazy pruning

Tests verify:
- Fresh session creation and validation
- Expired entries are pruned during verify_session() calls
- Valid sessions are never removed by pruning
- Empty dict is safe for pruning
- Session TTL matches expected 24-hour window
- invalidate_session() actually removes the token
- Invalidating non-existent tokens is safe

2026-04-09 18:05:23 -07:00

1 Commits