bouncer: do not keep unauthorized session.

Signed-off-by: Yonle <yonle@lecturify.net>
Yonle · Jan 27, 2024 · a0ec8bd · a0ec8bd
1 parent 67e44ff
commit a0ec8bd
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/bouncer.js b/bouncer.js
@@ -136,6 +136,7 @@ module.exports = (ws, req, onClose) => {
   ws.on('error', console.error);
   ws.on('close', _ => {
     onClose();
+
     console.log(process.pid, "---", `${ip} (${ws.id}) disconnected (${howManyOrphanSess()+1} orphans)`);
     if (csess.has(ws.id)) {
       csess.set(ws.id, null); // set as orphan.
@@ -145,7 +146,8 @@ module.exports = (ws, req, onClose) => {
       clearTimeout(i[1]);
     }
 
-    if (!authorized) return;
+    // unauthorized session must be destroyed.
+    if (!authorized) terminate_sess(ws.id);
 
     for (const i of ws.reconnectTimeout) {
       clearTimeout(i);