"""User.session_epoch for server-side session revocation (SA4) A monotonic per-user counter. A signed session cookie records the epoch it was minted under; current_user rejects any cookie whose epoch is stale. Bumped on password reset, password change, or "log out everywhere" — so a stolen/copied client-side cookie dies on those events instead of staying valid until it expires. Existing rows default to 0 (matching a fresh cookie's absent/0 epoch). """ from typing import Sequence, Union import sqlalchemy as sa from alembic import op revision: str = "0053_user_session_epoch" down_revision: Union[str, None] = "0052_plex_show_meta" branch_labels: Union[str, Sequence[str], None] = None depends_on: Union[str, Sequence[str], None] = None def upgrade() -> None: op.add_column( "users", sa.Column("session_epoch", sa.Integer(), nullable=False, server_default="0"), ) def downgrade() -> None: op.drop_column("users", "session_epoch")