"deleteUsersBy*" should delete all user data

[Aristotle22]

2.) "deleteUsersBy*" should delete all user data: At the moment these methods only delete the record in the "users" table. For two reasons this is not enough: a.) The user should be able to rely on the fact that all its data has been deleted immediately. b.) If there is a record in the table "users_confirmations" left the user might be still able to send email confirmation to its address (for instance in a "resend confirmation form" after registration, a resend confirmation request and a subsequent account cancellation). This case might be unlikely – although in testing this issue happened to me relatively quickly – but the loss of credibility and trust for the website could be huge because here the impression can easily arise that the user data, despite other information, are not deleted - which is by the way (partly) true.

[ocram]

Thank you!

The tables users_remembered, users_resets and users_throttling are best left for garbage collection, which is already tracked here. They don’t hold any personal data, anyway.

But you are right, any entries in users_confirmations must be removed as well.

So we’ll include that table in Administration#deleteUsersByColumnValue, in addition to the users table.