SimpleSAMLphp session entries not deleted from DB
408 views
Skip to first unread message
anagha...@gslab.com
Aug 30, 2017, 6:01:47 AM8/30/17
to SimpleSAMLphp
Hi All,
I am trying to set up single sign on for multiple web applications written in PHP. I am using SImpleSAMLphp as service provider and connecting with ADFS as an identity provider.
Since my PHP web application is using PHP session for session storage, earlier I was getting session lost error. So I changed session storage type of SimpleSAMLphp to MySQL DB. Then problem is resolved and single sign on works fine.
When I checked MySQL DB, found that SimpleSAMLphp session entries are not deleted from tables even though their expiry time-stamp is passed.
According to my understanding SimpleSAMLphp session entries should get deleted from tables of session storage DB of SimpleSAMLphp once their expiry time-stamp is passed, but this is not happening. If session entries are not getting deleted then what will happen if MySQL has no space left ? Could you please explain this behavior or correct me if I am doing anything wrong ?
Waiting for your reply.
Thanks,
Anagha Jadhav.
pat...@cirrusidentity.com
Aug 30, 2017, 2:49:05 PM8/30/17
to SimpleSAMLphp
The SQL storage class will randomly (about 1% chance) call its clearKVStore() method when data is being set in the DB.
This method clears out expired entries. If your system is lightly used you make go quite a while before things are cleared.
-Patrick
Anagha Jadhav
Aug 31, 2017, 8:21:22 AM8/31/17
to simple...@googlegroups.com
Hi Patrick,
What about saml_logouts table ? Is there also separate method to clear this table as well ?Regarding KVStore table, with such low chance(1%) of calling clearKVStore() method, what happens when MySQL has no space left ?
--
This is a mailing list for users of SimpleSAMLphp, not a support service. If you are willing to buy commercial support, please take a look here:
https://simplesamlphp.org/support
Before sending your question, make sure it is related to SimpleSAMLphp, and not your web server's configuration or any other third-party software. This mailing list cannot help with software that uses SimpleSAMLphp, only regarding SimpleSAMLphp itself.
Make sure to read the documentation:
https://simplesamlphp.org/docs/stable/
If you have an issue with SimpleSAMLphp that you cannot resolve and reading the documentation doesn't help, you are more than welcome to ask here for help. Subscribe to the list and send an email with your question. However, you will be expected to comply with some minimum, common sense standards in your questions. Please read this carefully:
http://catb.org/~esr/faqs/smart-questions.html
---
You received this message because you are subscribed to a topic in the Google Groups "SimpleSAMLphp" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/simplesamlphp/MBYaF1QHq2o/unsubscribe.
To unsubscribe from this group and all its topics, send an email to simplesamlphp+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Patrick Radtke
Aug 31, 2017, 2:37:05 PM8/31/17
to SimpleSAMLphp
On Thursday, August 31, 2017 at 5:21:22 AM UTC-7, Anagha Jadhav wrote:
Hi Patrick,What about saml_logouts table ? Is there also separate method to clear this table as well ?
That has its own clean up function, also with a 1% chance of getting called each time data is added to the table.
Regarding KVStore table, with such low chance(1%) of calling clearKVStore() method, what happens when MySQL has no space left ?
Any time something get stored in kvstore table, there is a 1% chance the code will also clear expired entries. So probabilistically the more times you add data the higher the chance a call to clearKVStore() will happen.
-Patrick
Peter Schober
Aug 31, 2017, 3:03:05 PM8/31/17
to SimpleSAMLphp
* Patrick Radtke <pra...@gmail.com> [2017-08-31 20:37]:
fromt he DB using some external mechanism, e.g. calling a script from
cron? Doing that sounds a lot more practical to me than hoping for
"1%" runs to cleanup the DB before it kills the server.
OTOH I doubt anyone will have so many users and sessions that those
will fill a disk/partition/share/bucket of a size common today.
-peter
> Any time something get stored in kvstore table, there is a 1% chance the
> code will also clear expired entries. So probabilistically the more times
> you add data the higher the chance a call to clearKVStore() will happen.
There's nothing stopping anyone from cleaning out entries older than x
> code will also clear expired entries. So probabilistically the more times
> you add data the higher the chance a call to clearKVStore() will happen.
fromt he DB using some external mechanism, e.g. calling a script from
cron? Doing that sounds a lot more practical to me than hoping for
"1%" runs to cleanup the DB before it kills the server.
OTOH I doubt anyone will have so many users and sessions that those
will fill a disk/partition/share/bucket of a size common today.
-peter
Reply all
Reply to author
Forward
0 new messages