From 50323c0bd4b8203351e783c8952816aca8a3863c Mon Sep 17 00:00:00 2001
From: Brock Allen <brockallen@gmail.com>
Date: Fri, 24 Jun 2022 13:03:34 -0400
Subject: [PATCH] fix incorrect filtering logic in QuerySessionsAsync

---
 src/EntityFramework.Storage/Stores/ServerSideSessionStore.cs  | 4 ++--
 .../Stores/InMemory/InMemoryServerSideSessionStore.cs         | 4 ++--
 .../Hosting/ServerSideSessionTests.cs                         | 4 +++-
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/EntityFramework.Storage/Stores/ServerSideSessionStore.cs b/src/EntityFramework.Storage/Stores/ServerSideSessionStore.cs
index cf7fe1151..5715f3d5d 100644
--- a/src/EntityFramework.Storage/Stores/ServerSideSessionStore.cs
+++ b/src/EntityFramework.Storage/Stores/ServerSideSessionStore.cs
@@ -338,8 +338,8 @@ public virtual async Task<QueryResult<ServerSideSession>> QuerySessionsAsync(Ses
             !String.IsNullOrWhiteSpace(filter.SessionId))
         {
             query = query.Where(x =>
-                (filter.SubjectId == null || x.SubjectId.Contains(filter.SubjectId)) ||
-                (filter.SessionId == null || x.SessionId.Contains(filter.SessionId)) ||
+                (filter.SubjectId == null || x.SubjectId.Contains(filter.SubjectId)) &&
+                (filter.SessionId == null || x.SessionId.Contains(filter.SessionId)) &&
                 (filter.DisplayName == null || (x.DisplayName != null && x.DisplayName.Contains(filter.DisplayName) == true))
             );
         }
diff --git a/src/IdentityServer/Stores/InMemory/InMemoryServerSideSessionStore.cs b/src/IdentityServer/Stores/InMemory/InMemoryServerSideSessionStore.cs
index 80ce97e17..7d457a69c 100644
--- a/src/IdentityServer/Stores/InMemory/InMemoryServerSideSessionStore.cs
+++ b/src/IdentityServer/Stores/InMemory/InMemoryServerSideSessionStore.cs
@@ -169,8 +169,8 @@ public Task<QueryResult<ServerSideSession>> QuerySessionsAsync(SessionQuery filt
             !String.IsNullOrWhiteSpace(filter.SessionId))
         {
             query = query.Where(x =>
-                (filter.SubjectId == null || x.SubjectId.Contains(filter.SubjectId)) ||
-                (filter.SessionId == null || x.SessionId.Contains(filter.SessionId)) ||
+                (filter.SubjectId == null || x.SubjectId.Contains(filter.SubjectId)) &&
+                (filter.SessionId == null || x.SessionId.Contains(filter.SessionId)) &&
                 (filter.DisplayName == null || (x.DisplayName != null && x.DisplayName.Contains(filter.DisplayName) == true))
             );
         }
diff --git a/test/IdentityServer.IntegrationTests/Hosting/ServerSideSessionTests.cs b/test/IdentityServer.IntegrationTests/Hosting/ServerSideSessionTests.cs
index fe39c5641..c838f2480 100644
--- a/test/IdentityServer.IntegrationTests/Hosting/ServerSideSessionTests.cs
+++ b/test/IdentityServer.IntegrationTests/Hosting/ServerSideSessionTests.cs
@@ -220,11 +220,13 @@ public async Task querysessions_on_ticket_store_should_use_session_store()
         _pipeline.RemoveLoginCookie();
         await _pipeline.LoginAsync("alice");
         _pipeline.RemoveLoginCookie();
-        await _pipeline.LoginAsync("alice");
+        await _pipeline.LoginAsync("bob");
         _pipeline.RemoveLoginCookie();
 
         var tickets = await _ticketService.QuerySessionsAsync(new SessionQuery { SubjectId = "alice" });
+        tickets.TotalCount.Should().Be(2);
         var sessions = await _sessionStore.QuerySessionsAsync(new SessionQuery { SubjectId = "alice" });
+        sessions.TotalCount.Should().Be(2);
 
         tickets.ResultsToken.Should().Be(sessions.ResultsToken);
         tickets.HasPrevResults.Should().Be(sessions.HasPrevResults);