lib/rodauth/features/single_session.rb in rodauth-1.23.0 vs lib/rodauth/features/single_session.rb in rodauth-2.0.0

@@ -4,10 +4,11 @@
   Feature.define(:single_session, :SingleSession) do
     error_flash 'This session has been logged out as another session has become active'
     redirect
 
     auth_value_method :allow_raw_single_session_key?, false
+    auth_value_method :inactive_session_error_status, 401
     auth_value_method :single_session_id_column, :id
     auth_value_method :single_session_key_column, :key
     session_key :single_session_session_key, :single_session_key
     auth_value_method :single_session_table, :account_session_keys
 
@@ -53,10 +54,11 @@
       end
     end
 
     def no_longer_active_session
       clear_session
+      set_redirect_error_status inactive_session_error_status
       set_redirect_error_flash single_session_error_flash
       redirect single_session_redirect
     end
 
     def update_single_session_key
@@ -68,10 +70,15 @@
         # designed to prevent.
         single_session_ds.insert(single_session_id_column=>session_value, single_session_key_column=>key)
       end
     end
 
+    def update_session
+      super
+      update_single_session_key
+    end
+
     private
 
     def after_close_account
       super if defined?(super)
       single_session_ds.delete
@@ -83,14 +90,9 @@
     end
 
     def set_single_session_key(data)
       data = compute_hmac(data) if hmac_secret
       set_session_value(single_session_session_key, data)
-    end
-
-    def update_session
-      super
-      update_single_session_key
     end
 
     def single_session_ds
       db[single_session_table].
         where(single_session_id_column=>session_value)