Hi Cursor team,
I’ve noticed that even after revoking all active sessions from my Google Account settings, Cursor still continues to make requests as if the session is still valid.
Steps to reproduce:
- Log in to Cursor using the “Continue with Google” option.
- Go to your Google Account > Security > Manage all sessions.
- Revoke all active sessions (including any associated with Cursor).
- Observe that Cursor still continues to function and make authenticated requests.
Expected behavior:
After revoking sessions, Cursor should require a fresh login and stop making authenticated requests.
Please check if session tokens are being persistently cached or if the OAuth session is not properly invalidated after revocation.
Let me know if you need more info to replicate this.
Thanks!