The auth.db stores all the accounts.
The session.db stores all the logged sessions.
When a device has logged in an account, next time it syncs, sync server won't use auth.db to authorize, the server will check the session.db to see if the session of this device has already build, and then the server will directly sync if the session exists.
Now the problem is, after deleting the account using ankisyncctl.py deluser, the device already logged can still sync, because the session data in the session.db still exists.
So I wish this can be fixed: when deleting a user, also delete the related sessions in session.db.
The
auth.dbstores all the accounts.The
session.dbstores all the logged sessions.When a device has logged in an account, next time it syncs, sync server won't use
auth.dbto authorize, the server will check thesession.dbto see if the session of this device has already build, and then the server will directly sync if the session exists.Now the problem is, after deleting the account using
ankisyncctl.py deluser, the device already logged can still sync, because the session data in thesession.dbstill exists.So I wish this can be fixed: when deleting a user, also delete the related sessions in
session.db.