cartalyst / sentinel

A framework agnostic authentication & authorization system.
BSD 3-Clause "New" or "Revised" License

Clear old persistences? #519

Closed zubfatal closed 4 years ago

zubfatal commented 4 years ago

Your Environment

Expected behaviour

Periodic cleanup of "old" persistences

Actual behaviour

I'm signing in normally with Sentinel::authenticate(), which works fine and all, and my Sentinel session is saved in the persistences table. However, we are using normal sessions, which will cease to exist at some point once the user has been inactive enough (standard session stuff), but the entries will remain in the persistences table. Granted, they will not be used, since a new Sentinel session will be created once signed in again, but over time that table will be cluttered with old entries, and I don't see a way to maintain the persistences table properly?

Steps to reproduce

Explained above.

brunogaspar commented 4 years ago

Maybe try to clear out everything with the exception of the current active session, something like this:

$currentLoggedInUser = Sentinel::getUser();
Sentinel::getPersistenceRepository()->flush($currentLoggedInUser, false);

zubfatal commented 4 years ago

Hi @brunogaspar,

I don't think that would work as intended, since there may be other users logged in. I think this would disrupt their sessions as well?

I am testing another idea though. I'm using Slim Framework, with Sentinel attached to its container, and the idea I have is something like this:

if ($code = Sentinel::getPersistenceRepository()->check()) {
    $persistence = Sentinel::getPersistenceRepository()->findByPersistenceCode($code);
    $persistence->touch();
}

This would update updated_at for the current session in the persistences table while the user is active throughout the system.

This works so far, now I gotta figure out an efficient way to purge persistences based on the session lifetime.

brunogaspar commented 4 years ago

The example I gave clears the other sessions for the logged-in user only, which is what you've asked, I believe.

If that does not work as intended for your use case, then you might need to perform a loop within the persistences records yourself, I suppose.

brunogaspar commented 4 years ago

Closing due to lack of activity. Feel free to reopen if you still have issues or other questions.
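
One way to do the purge the thread leaves open, as an added example that is not Sentinel's or either commenter's code: delete rows whose updated_at is older than the session lifetime, which also retires codes that would otherwise sit in the table indefinitely. It assumes the stock persistences columns (id, user_id, code, created_at, updated_at), timestamps stored in UTC, and that updated_at is refreshed on each request as in the touch() snippet above; purgeStalePersistences() and the sample rows are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not Sentinel code. Assumes the stock `persistences` columns
// and UTC timestamps; updated_at is kept fresh by the touch() call per request.

/** Delete persistences idle longer than the session lifetime; returns rows removed. */
function purgeStalePersistences(PDO $db, int $lifetimeSeconds, ?int $now = null): int
{
    if ($lifetimeSeconds <= 0) {
        // A zero or negative lifetime would wipe every live session.
        throw new InvalidArgumentException('lifetime must be positive');
    }
    $cutoff = gmdate('Y-m-d H:i:s', ($now ?? time()) - $lifetimeSeconds);

    // Bound parameter; rows that were never touched fall back to created_at.
    $stmt = $db->prepare(
        'DELETE FROM persistences WHERE COALESCE(updated_at, created_at) < :cutoff'
    );
    $stmt->execute([':cutoff' => $cutoff]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE persistences (
    id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, code TEXT NOT NULL UNIQUE,
    created_at TEXT, updated_at TEXT)');

$now  = strtotime('2024-01-01 12:00:00 UTC');
$rows = [
    [1, 'code-active', '2024-01-01 11:50:00', '2024-01-01 11:59:00'], // still in use
    [1, 'code-idle',   '2023-12-30 09:00:00', '2023-12-30 09:30:00'], // idle for days
    [2, 'code-never',  '2023-12-31 08:00:00', null],                  // never touched
];
$ins = $db->prepare(
    'INSERT INTO persistences (user_id, code, created_at, updated_at) VALUES (?, ?, ?, ?)'
);
foreach ($rows as $r) {
    $ins->execute($r);
}

// 1440 s is PHP's default session.gc_maxlifetime; use your real session lifetime.
$removed = purgeStalePersistences($db, 1440, $now);
$left    = $db->query('SELECT code FROM persistences')->fetchAll(PDO::FETCH_COLUMN);
printf("removed=%d remaining=%s\n", $removed, implode(',', $left));
```

Run it from cron or a scheduled task rather than on every request. If logins use Sentinel's remember option, base the cutoff on the cookie lifetime instead, since the same table backs those logins.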