I'm not sure how to start, but we have a node app that was built off the example oauth app from the dev guide. It's been built out to basically monitor the presence status of an extension, updating every 5 seconds. Multiple users should be able to login and their sessions are being stored using express-session and MySQL store.

It seemed to work fine but when testing with multiple users, if one user hits the /logout endpoint, then the other user(s) get logged out as well. I have no idea where to start with this or what could be causing it. Shouldn't each user have their own session tokens, I can see the sessions in the MySQL sessions table and it appears to create a new session for each login, but for some reason the tokens are revoked for all users when only one user hits logout.

I'm using this code for the /logout endpoint taken from the dev guide:

app.get("/logout", async function (req, res) {

    if (req.session.tokens != undefined) {

        const platform = rcsdk.platform();

        platform.auth().setData(req.session.tokens);

        if (platform.loggedIn()) {

            try {

                const resp = await platform.logout();

                console.log("logged out");

            } catch (e) {

                console.log(`/logout error:`, e.message);

            }

        }

        req.session.tokens = null;

    }

    res.redirect("/");

});

Please let me know if any more information is needed, I'm trying to figure it out and tweak things but I honestly have no idea if it's because platform.logout() will revoke all the tokens (which I think it shouldn't since each login has their own token pairs).

The app is pretty simple but it has this issue which pretty much makes it useless since all users have to relogin when one logs out.

The dev guide I followed to get the skeleton of the app:

https://developers.ringcentral.com/guide/authentication/quick-start