From 5e0bda23f3c12b8ce1c0e7c5f888f83cfea3c55e Mon Sep 17 00:00:00 2001
From: remoterami <142154971+remoterami@users.noreply.github.com>
Date: Mon, 4 Sep 2023 10:46:00 +0200
Subject: [PATCH] (NOBIDS) purge all sessions after account deletion (#2487)
* (NOBIDS) purge all sessions after account deletion
* (NOBIDS) using correct error log function
* (NOBIDS) separated parameters from error text
---
 handlers/user.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/handlers/user.go b/handlers/user.go
index a3310bfe79..1e0b8b4748 100644
--- a/handlers/user.go
+++ b/handlers/user.go
@@ -1181,6 +1181,13 @@ func UserDeletePost(w http.ResponseWriter, r *http.Request) {
 }
 Logout(w, r)
+ err = purgeAllSessionsForUser(r.Context(), user.UserID)
+ if err != nil {
+ utils.LogError(err, "error purging sessions for user", 0, map[string]interface{}{"userID": user.UserID})
+ utils.SetFlash(w, r, authSessionName, authInternalServerErrorFlashMsg)
+ http.Redirect(w, r, "/login", http.StatusSeeOther)
+ return
+ }
 } else {
 utils.LogError(nil, "Trying to delete an unauthenticated user", 0)
 http.Redirect(w, r, "/user/settings", http.StatusSeeOther)
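Review bot: When `purgeAllSessionsForUser` fails, the new error branch only logs and redirects, so any other sessions of the just-deleted account stay valid with no retry or follow-up. The call also sits after `Logout(w, r)`, which takes the response writer and may already have written its own redirect (its body is not in this hunk); if so, the `SetFlash` and `http.Redirect` in that branch never reach the client. Consider running the purge before `Logout(w, r)`, and ideally before the account row is removed, so a failure can abort the deletion while the response is still unwritten. The purge is bound to `r.Context()`, so a client that drops the connection may cancel it mid-way; a context detached from the request with its own timeout would keep the cleanup independent of the connection. UserDeletePost starts and ends outside the hunk, so the ordering relative to the actual deletion should be confirmed against the full function.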