#13 Logout doesn't revoke Emby token:
- Added in-memory tokenStore (userId -> { accessToken })
- AccessToken stored server-side after successful login; never sent to client
- POST /logout calls Emby POST /Sessions/Logout with the stored token before clearing it; failure is warned but does not block the local cookie clear

#14 Unbounded Emby session creation per login:
- DeviceId in the Emby auth request is now a stable SHA-256 hash of the lowercase username (sofarr-<16 hex chars>)
- Emby treats the same DeviceId as the same device and reuses the existing session slot instead of creating a new one each login