Skip to content
Snippets Groups Projects
Unverified Commit 3c52b289 authored by Jaime Pérez Crespo's avatar Jaime Pérez Crespo
Browse files

Make sure expired data is actually purged

The SimpleSAML\Session::expireData() method did not mark the session as dirty when there was expired data on it, so if nothing else changed, the data was never actually purged. It was done like this by design, but in practice, it seems like sessions aren't modified as often, meaning they end up growing a lot with each state array that's stored on them, and expired data is never removed. We now check for expired data in the save() method (which is run every time a session is destroyed, if not manually) and if there is any, we mark the session as dirty, so that it is actually updated in the backend. Most of the time this will be transparent and have no visible performance hit, as it'll be run after the response is sent, during shutdown.

This closes #1053
parent 9d5bd996
No related branches found
No related tags found
No related merge requests found
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment