Expired database objects are deleted during Application.housekeeping! event (see ASAB docs on housekeeping) instead of more frequent periodic scans (to minimize the number of database write operations). This includes:
Sessions
Login sessions
OAuth authorization codes
Incomplete credential registrations
Incomplete TOTP registrations
Webauthn challenges
Password reset tokens
Expired sessions are excluded from session list, unless include_expired=yes is specified in request query.
Expired database objects are deleted during
Application.housekeeping!
event (see ASAB docs on housekeeping) instead of more frequent periodic scans (to minimize the number of database write operations). This includes:Expired sessions are excluded from session list, unless
include_expired=yes
is specified in request query.