rotateSessionId uses raw BEGIN/COMMIT/ROLLBACK instead of db.transaction() #51
Labels
No Label
architecture
backend
bug
feature
frontend
priority:critical
priority:high
priority:low
priority:medium
priority:nice-to-have
ux
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: null/BillTracker#51
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Severity: HIGH 🟠
Affected Files
services/authService.js— lines 131–136Problem
rotateSessionId()uses manual transaction control:better-sqlite3 provides
.transaction()for exactly this — it's atomic and handles rollback automatically. Every other transactional operation in the codebase uses the idiomaticdb.transaction()pattern.The manual pattern works in the happy path but has two problems:
Impact
Fix
Replace with idiomatic
db.transaction():Acceptance Criteria
rotateSessionIdusesdb.transaction()instead of raw BEGIN/COMMIT/ROLLBACK