fix(sessions): add an expiration date filter to list sessions api (#10384)

# Which Problems Are Solved The deletion of expired sessions does not go through even though a success response is returned to the user. These expired and supposedly deleted (to the user) sessions are then returned when the `ListSessions` API is called. This PR fixes this issue by: 1. Allowing deletion of expired sessions 2. Providing an `expiration_date` filter in `ListSession` API to filter sessions by expiration date # How the Problems Are Solved 1. Remove expired session check during deletion 2. Add an `expiration_date` filter to the `ListSession` API # Additional Changes N/A # Additional Context - Closes #10045 --------- Co-authored-by: Marco A. <marco@zitadel.com>
2025-08-11 19:07:30 +00:00 · 2025-08-07 14:58:59 +02:00
parent 7e184727b0
commit a96f4708cb
8 changed files with 280 additions and 13 deletions
--- a/internal/command/session.go
+++ b/internal/command/session.go
@@ -346,7 +346,9 @@ func (c *Commands) terminateSession(ctx context.Context, sessionID, sessionToken
 			return nil, err
 		}
 	}
-	if sessionWriteModel.CheckIsActive() != nil {
+
+	// exclude expiration check as expired tokens can be deleted
+	if sessionWriteModel.State == domain.SessionStateUnspecified || sessionWriteModel.State == domain.SessionStateTerminated {
 		return writeModelToObjectDetails(&sessionWriteModel.WriteModel), nil
 	}
 	terminate := session.NewTerminateEvent(ctx, &session.NewAggregate(sessionWriteModel.AggregateID, sessionWriteModel.ResourceOwner).Aggregate)