From 0f94010104e1cc8026e3313fd9223b482a0ea09c Mon Sep 17 00:00:00 2001
From: stringadmin <stringadmin@omniai.dev>
Date: Mon, 8 Jun 2026 15:55:43 +0800
Subject: [PATCH] Use latest login session as active device

---
 src/auth.js | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/src/auth.js b/src/auth.js
index 0829e60..7ea3c3a 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -6,7 +6,6 @@ const { getJwtSecret } = require("./securityConfig");
 
 const JWT_SECRET = getJwtSecret();
 const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "7d";
-const MAX_CONCURRENT_SESSIONS = 2;
 
 const USER_CONTEXT_SELECT = `
   SELECT
@@ -170,25 +169,26 @@ function verifyToken(token) {
 
 async function startUserSession(userId, userAgent) {
   const sessionId = crypto.randomUUID();
-  await pool.query(
-    "INSERT INTO user_sessions (id, user_id, user_agent, created_at) VALUES ($1, $2, $3, NOW())",
-    [sessionId, userId, userAgent || null],
-  );
-  await pool.query(
-    `DELETE FROM user_sessions
-     WHERE user_id = $1
-       AND id NOT IN (
-         SELECT id FROM user_sessions
-         WHERE user_id = $1
-         ORDER BY created_at DESC
-         LIMIT $2
-       )`,
-    [userId, MAX_CONCURRENT_SESSIONS],
-  );
-  await pool.query(
-    "UPDATE users SET current_session_id = $1, current_session_started_at = NOW(), updated_at = NOW() WHERE id = $2",
-    [sessionId, userId],
-  );
+  const client = await pool.connect();
+  try {
+    await client.query("BEGIN");
+    await client.query("SELECT id FROM users WHERE id = $1 FOR UPDATE", [userId]);
+    await client.query("DELETE FROM user_sessions WHERE user_id = $1", [userId]);
+    await client.query(
+      "INSERT INTO user_sessions (id, user_id, user_agent, created_at) VALUES ($1, $2, $3, NOW())",
+      [sessionId, userId, userAgent || null],
+    );
+    await client.query(
+      "UPDATE users SET current_session_id = $1, current_session_started_at = NOW(), updated_at = NOW() WHERE id = $2",
+      [sessionId, userId],
+    );
+    await client.query("COMMIT");
+  } catch (error) {
+    await client.query("ROLLBACK");
+    throw error;
+  } finally {
+    client.release();
+  }
   return sessionId;
 }