From 4cfd1b1ff54843418c96bc43191396d26279fd6a Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Mon, 27 Oct 2025 09:45:12 -0700
Subject: [PATCH] always check resource session length

---
 server/routers/badger/verifySession.ts | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index 758ffa1b..2f88cc46 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -387,19 +387,17 @@ export async function verifyResourceSession(
 
             if (resourceSession) {
                 // only run this check if not SSO sesion; SSO session length is checked later
-                if (!(resourceSessions.userSessionId && sso)) {
-                    const accessPolicy = await enforceResourceSessionLength(
-                        resourceSession,
-                        resourceData.org
-                    );
+                const accessPolicy = await enforceResourceSessionLength(
+                    resourceSession,
+                    resourceData.org
+                );
 
-                    if (!accessPolicy.valid) {
-                        logger.debug(
-                            "Resource session invalid due to org policy:",
-                            accessPolicy.error
-                        );
-                        return notAllowed(res, redirectPath, resource.orgId);
-                    }
+                if (!accessPolicy.valid) {
+                    logger.debug(
+                        "Resource session invalid due to org policy:",
+                        accessPolicy.error
+                    );
+                    return notAllowed(res, redirectPath, resource.orgId);
                 }
 
                 if (pincode && resourceSession.pincodeId) {