Session Store
Component Detail
Data Layer
medium complexity
backend
0
Dependencies
0
Dependents
0
Entities
0
Integrations
Description
Persistence layer holding active session records, associated device metadata, and per-organization session policy configuration. Provides query and mutation primitives used by the Session Service while remaining isolated from the Authentication Module's internal credential state.
session-store
Sources & reasoning
Session Management is taxonomy-required at line 380 and operationally grounded by the auth model at lines 152 and 205, which explicitly call out admin-initiated revocation and refresh-token rotation. Not in MVP scope at lines 244-247, so target_release resolves to Core Product per rule 3.
-
docs/source/likeperson.md · line 380Session Management | Session Management Page [ui] | Session Service [service] | Session Store [data]
-
docs/source/likeperson.md · line 205Issues short-lived access tokens plus rotating refresh tokens; sessions survive silently across token expiry and end cleanly when the refresh chain is broken.
-
docs/source/likeperson.md · line 152Session revocation (sign-out, forced expiry, admin-initiated)
Responsibilities
- Store active session records with device, IP, and last-activity metadata
- Persist organization-scoped session-policy configuration
- Provide efficient lookups by organization, user, and session ID
- Mark sessions as revoked and enforce policy-driven expiry
- Maintain referential integrity with users and organizations
Interfaces
findSessionsByOrg(orgId): SessionRecord[]
findSessionsByUser(userId): SessionRecord[]
markSessionRevoked(sessionId, revokedAt): void
getPolicy(orgId): SessionPolicyRecord
upsertPolicy(orgId, policy): SessionPolicyRecord