From 7ff5da6522acfc437fc7dfc22b11cef251800e80 Mon Sep 17 00:00:00 2001
From: Pascal Jufer <pascal-jufer@bluewin.ch>
Date: Thu, 27 Jun 2024 16:57:29 +0200
Subject: [PATCH] Account for share when updating stateful sessions (#22867)

* Account for share when updating stateful sessions

* Add changeset
---
 .changeset/shaggy-bees-search.md   | 5 +++++
 api/src/services/authentication.ts | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/shaggy-bees-search.md

diff --git a/.changeset/shaggy-bees-search.md b/.changeset/shaggy-bees-search.md
new file mode 100644
index 0000000000..f9051bc013
--- /dev/null
+++ b/.changeset/shaggy-bees-search.md
@@ -0,0 +1,5 @@
+---
+'@directus/api': patch
+---
+
+Added missing share ID when refreshing/updating share sessions
diff --git a/api/src/services/authentication.ts b/api/src/services/authentication.ts
index 56107840a5..ef81519149 100644
--- a/api/src/services/authentication.ts
+++ b/api/src/services/authentication.ts
@@ -417,7 +417,10 @@ export class AuthenticationService {
 		// Clear expired sessions for the current user
 		await this.knex('directus_sessions')
 			.delete()
-			.where('user', '=', record.user_id)
+			.where({
+				user: record.user_id,
+				share: record.share_id,
+			})
 			.andWhere('expires', '<', new Date());
 
 		return {
@@ -476,6 +479,7 @@ export class AuthenticationService {
 		await this.knex('directus_sessions').insert({
 			token: newSessionToken,
 			user: sessionRecord['user_id'],
+			share: sessionRecord['share_id'],
 			expires: sessionExpiration,
 			ip: this.accountability?.ip,
 			user_agent: this.accountability?.userAgent,