Closed dreamstar-enterprises closed 3 weeks ago
Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.
Hmmm. ok thanks Phil. It does look like a bug to me : ( I'll post it on stack overflow.
Hi,
I have a Spring OAuth Client (BFF), between a Public Angular Client, and an Auth0 Authorization server. When I login, the BFF correctly persists the session to Redis (and with it, the Authorized Client, Security Context, and Authorized Request as attributes in the session)
When I logout though, only the contents of the Session get deleted, the key itself does not. Also nothing in the Sorted Set, ever gets deleted. I am positing here, as it might be a genuine bug.
Logout Handler
Here is my Logout Handler
SessionControl
It calls another call called SessionControl, and the invalidate session method. Here is that function
WebSessionStore
That inturn calls Websession Store, and it's removeSession method.
Here is the bean and the function:
reactiveRedisIndexedSessionRepository
The this.sessions above refers to the ReactiveRedisIndexedSessionRepository that was passed in the constructor of the WebsessionStore. Looking at the internals of the Spring ReactiveRedisIndexedSessionRepository I see this:
Session in Redis before
As you can see before I logout, the session is there in Redis.
Session in Redis after
After I call the logout handler, something has definitely happened, but the session is still there with its key, just no map of values apart from a single lastaccessed map key / value.
Further more nothing ever gets deleted from the SortedSet, which according to the 4th step in the deleteAndReturn method above, it should...
So, can someone help me understand where I may have gone wrong in my code?