Merge pull request #9209 from appwrite/fix-9052-delete-session

Ensure user can delete session
2026-05-23 00:49:02 +00:00 · 2025-01-11 11:09:20 -08:00 · 2025-01-11 11:09:20 -08:00 · 86874cbec1
commit 86874cbec1
parent 9b404db87f f48c843bea
2 changed files with 14 additions and 0 deletions
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@ -1814,6 +1814,12 @@ App::post('/v1/users/:userId/sessions')
            $detector->getDevice()
        ));

+        $session->setAttribute('$permissions', [
+            Permission::read(Role::user($user->getId())),
+            Permission::update(Role::user($user->getId())),
+            Permission::delete(Role::user($user->getId())),
+        ]);
+
        $countryName = $locale->getText('countries.' . strtolower($session->getAttribute('countryCode')), $locale->getText('locale.country.unknown'));

        $session = $dbForProject->createDocument('sessions', $session);
--- a/tests/e2e/Services/Users/UsersBase.php
+++ b/tests/e2e/Services/Users/UsersBase.php
@ -318,6 +318,14 @@ trait UsersBase
        ]);

        $this->assertEquals(200, $response['headers']['status-code']);
+
+        $response = $this->client->call(Client::METHOD_DELETE, '/account/sessions/current', [
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+            'x-appwrite-session' => $session['secret']
+        ]);
+
+        $this->assertEquals(204, $response['headers']['status-code']);
    }