fluent icon indicating copy to clipboard operation
fluent copied to clipboard
verified publisher icon vapor

Fluent Session driver doesn't provide any way to remove old sessions

Open semicoleon opened this issue 2 years ago • 3 comments

Fluent's session driver doesn't store any information about when a session was last seen. As far as I can tell, that makes any sessions that weren't destroyed via an explicit log out from the same browsing context as the original session very difficult to remove from the database safely.

A simple solution would be to maintain a timestamp in the __fluent_sessions table that is updated every time the session is retrieved. This would at least make it possible to periodically clear out definitely expired sessions with a simple query.

semicoleon avatar Jul 06 '23 18:07 semicoleon

you can extend the table as you like. include a data column and insert any data ex.: a timestamp to further improve your session strategy.

youd have to write your own AsyncSessionDriver to do that

wibed avatar Aug 26 '23 15:08 wibed

Sure, there's nothing stopping you from implementing your own. I just think that since sessions inherently expire due to cookies expiring, the "default" session implementation for Vapor projects could at least store enough data that you can manually clear out the table occasionally without having to guess about which sessions are still valid.

semicoleon avatar Aug 26 '23 20:08 semicoleon

personally i prefer the "do one thing and do it good" mentality.

iirc its literally copy pasting the existing implementation and extending it with your own data. you can event use compose api to merge object into the existing implementation

wibed avatar Aug 27 '23 05:08 wibed