Affected Apps / Packages
Server (apps/server)
Description
The backend audit found authenticated user identity cache TTL is hardcoded around 900 seconds instead of using AUTH_SESSION_CACHE_MAX_AGE_SECONDS. Session revocation latency can exceed expected runtime configuration.
Steps to Reproduce
- Configure AUTH_SESSION_CACHE_MAX_AGE_SECONDS.
- Authenticate a user.
- Revoke/mutate session.
- Observe cache behavior can continue using hardcoded TTL.
Expected Behavior
Auth cache TTL should respect runtime config and be invalidated on relevant auth/session changes.
Environment Information
- App: @veriworkly/server
- Middleware: auth/session cache
Relevant Logs
No response
Proposed Fix / Suggestions
- Use config value for Redis session cache TTL.
- Invalidate cache on sign-out/account/session mutations.
- Add tests for configured TTL.
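A sketch of the proposed fix, added here as an example and not taken from the @veriworkly/server code base: the TTL is resolved from AUTH_SESSION_CACHE_MAX_AGE_SECONDS, and entries are dropped on sign-out and account or session mutations. Assumptions: an in-memory Map stands in for Redis, the 900-second fallback mirrors the hardcoded value reported above, and all function and class names are hypothetical.

```typescript
// Added example, not project code. A Map stands in for the Redis session cache;
// every name except AUTH_SESSION_CACHE_MAX_AGE_SECONDS is hypothetical.
type Env = Record<string, string | undefined>;
const FALLBACK_TTL_SECONDS = 900; // assumption: old hardcoded value kept as default

// Resolve the TTL from runtime config; refuse values that cannot be honoured.
function resolveSessionCacheTtl(env: Env): number {
  const raw = env["AUTH_SESSION_CACHE_MAX_AGE_SECONDS"];
  if (raw === undefined || raw.trim() === "") return FALLBACK_TTL_SECONDS;
  const ttl = Number(raw);
  if (!Number.isInteger(ttl) || ttl <= 0) {
    throw new Error(`invalid AUTH_SESSION_CACHE_MAX_AGE_SECONDS: ${raw}`);
  }
  return ttl;
}

interface CachedIdentity { userId: string; expiresAtMs: number }

class SessionIdentityCache {
  private entries = new Map<string, CachedIdentity>();
  private ttlSeconds: number;
  private now: () => number; // injected clock so tests can control time
  constructor(ttlSeconds: number, now: () => number) {
    this.ttlSeconds = ttlSeconds;
    this.now = now;
  }
  put(sessionId: string, userId: string): void {
    const expiresAtMs = this.now() + this.ttlSeconds * 1000;
    this.entries.set(sessionId, { userId, expiresAtMs });
  }
  // Returns the cached user id, or undefined when absent or past its TTL.
  get(sessionId: string): string | undefined {
    const hit = this.entries.get(sessionId);
    if (hit === undefined) return undefined;
    if (this.now() >= hit.expiresAtMs) { this.entries.delete(sessionId); return undefined; }
    return hit.userId;
  }
  // Call on sign-out or when a single session is revoked or mutated.
  invalidateSession(sessionId: string): void { this.entries.delete(sessionId); }
  // Call on account mutations: drops every cached session of that user.
  invalidateUser(userId: string): number {
    let removed = 0;
    this.entries.forEach((entry, sessionId) => {
      if (entry.userId === userId) { this.entries.delete(sessionId); removed++; }
    });
    return removed;
  }
}
```

With Redis, the same TTL would be passed as the key's expiry and the two invalidation methods would delete the corresponding keys.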