Function invalidate_sessions 

pub async fn invalidate_sessions(
    db: &Db,
    target: SessionTarget,
    reason: SessionInvalidationReason,
) -> Result<InvalidationOutcome>

Centralised session invalidation — the single legitimate writer of rustio_sessions.revoked_at.

Doctrine 22 (centralized invalidation) makes every revoke decision pass through here. Handlers MUST NOT issue raw UPDATE … SET revoked_at statements; a grep for that string in the source tree must return only this module. PR review enforces it.

What this function does:

• Resolves the SessionTarget into the set of session ids that are currently active and match.
• Marks each row revoked_at = NOW() and revoked_reason = reason.as_str().
• Returns the affected ids in the InvalidationOutcome so the caller can write one audit row per revoked session, all sharing the supplied correlation_id.

Audit row writes are the caller’s job (the audit module owns the rustio_admin_actions table; sessions own rustio_sessions). The reason is returned so the caller can render a typed action_type without re-deriving it.