Skip to main content

Module session

Module session 

Source
Expand description

Server-side token state: refresh-token rotation, pending MFA challenges, and the per-user device/session index used for “log out everywhere” and back-channel revocation (Phase 4).

Structs§

MemoryChallengeStore
MemoryRefreshStore
MemorySessionIndex
PendingChallenge
After a correct password on an MFA-enrolled account, the engine parks a short-lived challenge and returns its id; the second-factor step redeems it.
SessionRecord
One authenticated session/device row surfaced to the user for review/revoke.

Traits§

ChallengeStore
RefreshStore
Persists the live jti of each refresh token so rotation can atomically invalidate the old one. Backed by Redis with per-key TTL in production.
SessionIndex
Tracks active sessions per user for management + back-channel logout.