Follow-up from #70 review.
After #70, Session.jwt, NewSession.jwt, and SessionRef.jwt are written and cloned but never read anywhere outside crates/mqdb-agent/src/http/session_store.rs itself.
handle_logout now reads session.jti directly. destroy_others_by_canonical_id returns JTIs. handle_ticket mints a fresh ticket JWT from session claims (canonical_id, email, name, picture, provider) rather than the stored one. mint_callback_jwt callers pass the JWT into the cookie/response and the JTI into the session — the session JWT itself is never consulted again.
Scope
- Drop
jwt field from Session, NewSession, and SessionRef in crates/mqdb-agent/src/http/session_store.rs
- Update the four
NewSession { jwt, jti, ... } callsites (callback, register, login, dev_login) to stop passing jwt
- Update
mint_callback_jwt return type from (String, String) to just String for the JTI flow — the JWT still needs to go into the Set-Cookie/response body, so adjust the call sites to keep the JWT local and only feed the JTI into the session
- Drop the
session.jwt assertion at session_store.rs:300
Why
Dead state on a security-sensitive struct is a footgun — future readers will wonder whether the stored JWT is "the right one" after refreshes/rotations. Removing it makes the data model match the actual behavior.
Out of scope
No behavior change. Pure cleanup.
Follow-up from #70 review.
After #70,
Session.jwt,NewSession.jwt, andSessionRef.jwtare written and cloned but never read anywhere outsidecrates/mqdb-agent/src/http/session_store.rsitself.handle_logoutnow readssession.jtidirectly.destroy_others_by_canonical_idreturns JTIs.handle_ticketmints a fresh ticket JWT from session claims (canonical_id, email, name, picture, provider) rather than the stored one.mint_callback_jwtcallers pass the JWT into the cookie/response and the JTI into the session — the session JWT itself is never consulted again.Scope
jwtfield fromSession,NewSession, andSessionRefincrates/mqdb-agent/src/http/session_store.rsNewSession { jwt, jti, ... }callsites (callback, register, login, dev_login) to stop passingjwtmint_callback_jwtreturn type from(String, String)to justStringfor the JTI flow — the JWT still needs to go into the Set-Cookie/response body, so adjust the call sites to keep the JWT local and only feed the JTI into the sessionsession.jwtassertion at session_store.rs:300Why
Dead state on a security-sensitive struct is a footgun — future readers will wonder whether the stored JWT is "the right one" after refreshes/rotations. Removing it makes the data model match the actual behavior.
Out of scope
No behavior change. Pure cleanup.