The auth.db stores all the accounts.

The session.db stores all the logged sessions.

When a device has logged in an account, next time it syncs, sync server won't use auth.db to authorize, the server will check the session.db to see if the session of this device has already build, and then the server will directly sync if the session exists.

Now the problem is, after deleting the account using ankisyncctl.py deluser, the device already logged can still sync, because the session data in the session.db still exists.

So I wish this can be fixed: when deleting a user, also delete the related sessions in session.db.