mirror of
https://github.com/stack-auth/stack.git
synced 2026-06-21 21:09:49 +08:00
The session-ownership guard recomputed the key from the session's existing
refresh token, so refresh-backed sessions accepted any access token. Validate
the incoming token pair against this.sessionKey instead, so a foreign token
can't be installed into either an access-only or a refresh-backed session.
Also route the sign-in current-user prefetch through runAsynchronously instead
of swallowing failures with .catch(() => {}), per the project's async-error
handling guideline.
| Name |
|---|
| cli |
| dashboard-ui-components |
| js |
| next |
| react |
| sc |
| shared |
| tanstack-start |
| template |
| ui |