Keycloak SSO_TOKEN database table doesn't get cleared - oauth-2.0

When a user logs in, Keycloak keeps a record of the user session in the SSO_TOKEN database table, but when the user logs out the record does not get removed from the table. Even if the EXPIRATION_TIME time has lapsed the record remains in the table. Is this the correct behaviour? The table gets filled up over time and consumes a lot of space.

Related

Clear all active sessions for a user in rails

Here, I don’t have a session cookie. I know only the user id of the user I want to clear all active sessions for.
Currently, I am going through each session in the sessions table and checking warden.user.user.key attribute. If it is equal to that user id I am destroying this session.
This works fine but the sessions table contains more than a million records. Is there an optimized way to do so?

Flushing the Parse cache of all objects on user log out

I'm currently using PFUser.logout to log out the user but am having an issue where when another user logs back in, they're able to see other object data such as their Listings or Settings still stored in the cache from the last user's session.
What's the best way to purge all local data so the next user can have a fresh experience?
Thanks

Huge ID gaps in my Rails applications

I have a very weird problem with my Rails app.
There are huge ID gaps for new signed users. I added a screenshot for my Users IDs.
Is there any reason for this to happen? I don't think that these gaps are caused by some users that got deleted. We didn't delete any users, and we don't have any de-activate functionality in our app.
Saves are wrapped in a transaction. If a transaction is rolled back, while obviously no rows get persisted, neither auto increment (MySQL) nor sequences (Postgres, see the note next to nextval in the docs) are reset.
When this happens you'll get a gap in the ids generated.

belongs_to with default fallback

Currently, my Rails (3) app creates objects before their relation is known (I store the Comment, then ask the user to log-in/sign-in to validate that comment, after which the Comment gets a User assigned).
I'd like to make sure each Comment falls back to a user at all times. To avoid having to test everywhere for #comment.user. Ensuring a user also allows me to validate_presence.
I can see two ways, both seem quite ugly. Maybe I am missing some feature of Rails or ActiveRecord.
In the seed or migration, create a user with ID 1, call that anonymous and assign that as fallback.
In comment.rb, check for user_id on load; if null, assign a User.new to it.
How is this usually done?
How about adding user records for all comments. Even for not signed-in users. This is just one more record per anonymous comment. And in user records you can keep last IP address and other stuff like max anonymous comments per day.
After user sign-in, reassign comments to the right user and delete temporary user. For new user sign-ups update temporary user records to verified state.
Notice that each anonymous comment has an owner, but the user isn't verified. And verification state can be treated as a user attribute.
Yes, it is possible to keep unverified users' data in session. However, sessions sometimes are configured to be stored in a database. So the result is the same as storing temporary users in the main users table in terms of disk usage, but the data is more fragmented.
Maybe temporarily store necessary stuff in session, not in database? I don't like the idea of storing partially complete records in the database. It is a risky play with database integrity. Alternatively, you could create a table with a text column which would contain those incomplete objects serialized.

What are the best practices/strategies to handle session timeout in MOSS2007?

I have a MOSS2007 web application (created using publishing site template). In this app, the user is allowed to add various items of interest. Those items of interest are saved in the DB as a group. Thus each user has more than one group of interests. The user is allowed to add/delete/edit interests within a group at will.
My queries are as follows:
How to handle cases when user adds items of interest and never saves it in a group before MOSS2007 session times out?
How to handle cases when user adds items of interest, saves it and then adds more before MOSS2007 session times out.
How to handle cases when user adds items of interest, saves it, delete some items from saved ones before MOSS2007 session times out.
I'd suggest:
How to handle cases when user adds items of interest and never saves it in a group before MOSS2007 session times out?
Items are either stored in a local cookie, so they are there when the user logs in to MOSS again, or are lost.
How to handle cases when user adds items of interest, saves it and then adds more before MOSS2007 session times out.
New items are either saved in cookie, or lost.
How to handle cases when user adds items of interest, saves it, delete some items from saved ones before MOSS2007 session times out.
The deletion method should delete the records from the database. So they would be synced already. If however, you need a rollback option, you could do something similar to the Recycle bin functionality in MOSS...
Hope that helps.
