# SessionStore Component

## Purpose

Manage active user sessions in Redis for fast authentication and revocation.

## Public API

### Methods

#### create_session(user_id: str, token_id: str, metadata: dict) -> bool

Store a new active session.

**Parameters:**
- `user_id`: User identifier
- `token_id`: JWT jti (unique token ID)
- `metadata`: Optional data (IP, user agent, device)

**Returns:** True if created

#### get_session(token_id: str) -> Session | None

Retrieve active session info.

**Parameters:**
- `token_id`: JWT jti

**Returns:** Session object or None if expired/revoked

#### revoke_session(token_id: str) -> bool

Invalidate a specific session.

**Parameters:**
- `token_id`: JWT jti

**Returns:** True if revoked

#### revoke_all_user_sessions(user_id: str) -> int

Invalidate all sessions for a user.

**Parameters:**
- `user_id`: User identifier

**Returns:** Count of sessions revoked

#### get_user_session_count(user_id: str) -> int

Count active sessions for a user.

**Parameters:**
- `user_id`: User identifier

**Returns:** Number of active sessions

---

## Redis Keys Structure

```
session:{user_id}:{token_id} -> JSON session metadata
user_sessions:{user_id}      -> SET of active token_ids
rate_limit:login:{ip}        -> COUNT with TTL
```

## TTL

- Session tokens: 15 minutes (synced with access token)
- Rate limit counters: 15 minutes

## Dependencies

- Redis connection (via aioredis)
- TokenService (for token ID generation)

## Configuration

```python
SESSION_TTL = 900  # 15 minutes
MAX_SESSIONS_PER_USER = 10
RATE_LIMIT_WINDOW = 900  # 15 minutes
```