Don't delete old sessions when issuing new access tokens using the Password or Client Credential grants. Fixes #32

src/League/OAuth2/Server/Grant/ClientCredentials.php

@@ -149,9 +149,6 @@ class ClientCredentials implements GrantTypeInterface {
         $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
         $accessTokenExpires = time() + $accessTokenExpiresIn;
 
-        // Delete any existing sessions just to be sure
-        $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);
-
         // Create a new session
         $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'client', $authParams['client_id']);
 

src/League/OAuth2/Server/Grant/Password.php

@@ -193,9 +193,6 @@ class Password implements GrantTypeInterface {
         $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
         $accessTokenExpires = time() + $accessTokenExpiresIn;
 
-        // Delete any existing sessions just to be sure
-        $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);
-
         // Create a new session
         $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'user', $userId);