
Purge Sessions that are too stale to refresh #922

@danielballan


Tiled purges Sessions and APIKeys when they have expired.

tiled/tiled/server/app.py

Lines 640 to 660 in ed90338

async def purge_expired_sessions_and_api_keys():
    PURGE_INTERVAL = 600  # seconds
    while True:
        async with AsyncSession(
            engine, autoflush=False, expire_on_commit=False
        ) as db_session:
            num_expired_sessions = await purge_expired(
                db_session, orm.Session
            )
            if num_expired_sessions:
                logger.info(
                    f"Purged {num_expired_sessions} expired Sessions from the database."
                )
            num_expired_api_keys = await purge_expired(
                db_session, orm.APIKey
            )
            if num_expired_api_keys:
                logger.info(
                    f"Purged {num_expired_api_keys} expired API keys from the database."
                )
        await asyncio.sleep(PURGE_INTERVAL)

By default, Sessions expire after 1 year (session_max_age). But they can become effectively unusable before then, if 7 days pass and the most recent refresh token is not refreshed (refresh_token_max_age).

refresh_token_max_age: timedelta = timedelta(
    seconds=int(
        os.getenv("TILED_REFRESH_TOKEN_MAX_AGE", 7 * 24 * 60 * 60)
    )  # 7 days
)
session_max_age: Optional[timedelta] = timedelta(
    seconds=int(os.getenv("TILED_SESSION_MAX_AGE", 365 * 24 * 60 * 60))  # 365 days
)

We have seen that the Sessions table can get clogged with effectively-dead Sessions. In 3 known cases at NSLS-II, users have hit the limit of 200 Sessions per Principal for this reason.

The purge_expired_sessions_and_api_keys job should additionally consult time_last_refreshed

time_last_refreshed = Column(DateTime(timezone=True), nullable=True)

and cull any Session whose time_last_refreshed is longer ago than session_max_age.
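
A sketch of the proposed cull, added here as an illustration and not taken from Tiled's code base: it runs against a constructed in-memory SQLite table instead of Tiled's ORM, and takes the idle cutoff as a parameter so either max-age setting quoted above can be passed in. The table layout, the `time_created` column used as a fallback when `time_last_refreshed` is NULL, and all function names are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

REFRESH_TOKEN_MAX_AGE = timedelta(days=7)  # default quoted in the issue
SESSION_MAX_AGE = timedelta(days=365)  # default quoted in the issue

def purge_stale_sessions(conn, now, max_idle):
    """Delete expired sessions, then sessions idle for longer than max_idle.
    Idle time runs from time_last_refreshed; for a never-refreshed session
    (NULL) it runs from time_created, an assumed column. Returns both counts.
    """
    with conn:  # both deletes commit together
        expired = conn.execute(
            "DELETE FROM sessions WHERE expiration_time < ?", (now.timestamp(),)
        ).rowcount
        stale = conn.execute(
            "DELETE FROM sessions WHERE COALESCE(time_last_refreshed, time_created) < ?",
            ((now - max_idle).timestamp(),),
        ).rowcount
    return expired, stale

def build_sample_db(now):
    """Constructed rows: (id, created, last refreshed, expires) in days from now."""
    rows = [
        (1, -400, -1, -35),  # past expiration_time
        (2, -30, -10, 335),  # unexpired, last refreshed 10 days ago
        (3, -30, -2, 335),  # unexpired, refreshed 2 days ago
        (4, -20, None, 345),  # never refreshed, created 20 days ago
        (5, -3, None, 362),  # never refreshed, created 3 days ago
    ]
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sessions (id INTEGER PRIMARY KEY, time_created REAL,"
        " time_last_refreshed REAL, expiration_time REAL)"
    )
    for row_id, *offsets in rows:
        stamps = [None if d is None else (now + timedelta(days=d)).timestamp()
                  for d in offsets]
        conn.execute("INSERT INTO sessions VALUES (?, ?, ?, ?)", [row_id, *stamps])
    return conn

def remaining_ids(conn):
    return [r[0] for r in conn.execute("SELECT id FROM sessions ORDER BY id")]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    db = build_sample_db(now)
    print(purge_stale_sessions(db, now, REFRESH_TOKEN_MAX_AGE), remaining_ids(db))
```

On the constructed rows, a 7-day cutoff removes sessions 2 and 4 in addition to the expired session 1, while a 365-day cutoff removes only session 1.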
