ComponentSpace

Forums



Why session deletion in database sso session store are not exact?


Why session deletion in database sso session store are not exact?

Author
Message
omrisuissa
omrisuissa
New Member
New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)

Group: Forum Members
Posts: 9, Visits: 39
Using database sessions store, when calling Delete the SQL command is:
DELETE FROM [table_name] WHERE [session_id] LIKE [param_session_id]%

Why the usage of like and %?
The session id is not stored exactly in the database?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
What's stored in the SessionID is a combination of the SAML session cookie value and the type of the SAML session object. This supports those applications that act as both an IdP and an SP in which case there would be two rows. The SessionID for both rows would start with the same SAML session cookie value but would have different suffixes indicating the two SAML session object types for IdP vs SP session data.

The sessonID parameter to the Delete method is the SAML session cookie value only. In most cases there will be only one entry but we use the WHERE/LIKE clause to ensure, if there are two entries (IdP and SP session data), that both are deleted.

Regards
ComponentSpace Development
omrisuissa
omrisuissa
New Member
New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)

Group: Forum Members
Posts: 9, Visits: 39
Thank you for the detailed response.
The session id + type concatenation is done in CreateSessionIDForType right?
So if I'm implementing my own database so session store and I'm only an SP, I can use "were = session-id" and skip the usage of CreateSessionIDForType? (inserting the session-id only)
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Yes, the CreateSessionIDForType method concatenates the session ID and type to create a unique ID. If you're an SP only you can skip using this method and use the session ID directly as the key into the table.


Regards
ComponentSpace Development
omrisuissa
omrisuissa
New Member
New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)

Group: Forum Members
Posts: 9, Visits: 39
Thank you
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
You're welcome.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search