This commit adds code to the sessions database that deletes all expired
sessions from the database on startup.
The session store does not delete expired sessions from the database
automatically. The gorilla/sessions API does not allow the session ID to
be retrieved from a session cookie once the session has expired, so
there is no way for the session store to know what IDs needs to be
deleted from the database. The database layer must track when the
session was created and manually delete expired sessions.
This commit also removes the session database tests. They were poorly
written and, in some cases, weren't actually testing what they thought
they were. I have a seperate commit that rewrites the tests from
scratch. I split the commits up because the diff easier to read.
This commit adds code to the sessions database that deletes all expired sessions from the database on startup.
The session store does not delete expired sessions from the database automatically. The gorilla/sessions API does not allow the session ID to be retrieved from a session cookie once the session has expired, so there is no way for the session store to know what IDs needs to be deleted from the database. The database layer must track when the session was created and manually delete expired sessions.
This commit also removes the session database tests. They were poorly written and, in some cases, weren't actually testing what they thought they were. I have a seperate commit that rewrites the tests from scratch. I split the commits up because the diff easier to read.