feat: add a flag and a routine for flushing inactive login sessions

[norand94]

Related issue(s)

#2561

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security. vulnerability, I
  confirm that I got green light (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

[CLAassistant]

All committers have signed the CLA.

[codecov]

Codecov Report

Merging #3133 (2286d79) into master (316b582) will increase coverage by 2.78%.
The diff coverage is 100.00%.

❗ Current head 2286d79 differs from pull request most recent head 1acf097. Consider uploading reports for the commit 1acf097 to get more accurate results

@@            Coverage Diff             @@
##           master    #3133      +/-   ##
==========================================
+ Coverage   76.82%   79.61%   +2.78%     
==========================================
  Files         123      112      -11     
  Lines        8976     8001     -975     
==========================================
- Hits         6896     6370     -526     
+ Misses       1652     1225     -427     
+ Partials      428      406      -22     

Impacted Files	Coverage Δ
cmd/cli/handler_janitor.go	82.97% <100.00%> (+2.12%)	⬆️
cmd/janitor.go	100.00% <100.00%> (ø)
persistence/sql/persister_consent.go	80.12% <100.00%> (-7.47%)	⬇️
x/clean_sql.go	46.42% <0.00%> (-44.69%)	⬇️
x/hasher.go	73.33% <0.00%> (-17.98%)	⬇️
persistence/sql/persister_jwk.go	64.58% <0.00%> (-14.18%)	⬇️
cmd/cli/handler_jwk.go	88.23% <0.00%> (-11.77%)	⬇️
cmd/cli/handler.go	89.47% <0.00%> (-10.53%)	⬇️
persistence/sql/persister_grant_jwk.go	81.41% <0.00%> (-9.89%)	⬇️
... and 146 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[norand94]

I created PR which contains regenerated docs
ory/docs#848

[architeacher]

@aeneasr It seems like this has stalled for a long time.

[aeneasr]

That's true

[mikapfl]

I think after the merging of authentication request tables, the correct SQL is now:

delete from hydra_oauth2_authentication_session
where not exists (
    select from hydra_oauth2_flow where login_session_id = hydra_oauth2_authentication_session.id
);

works at least in postgresql.

[alexandre-melard]

Dear @norand94 are you still working on this?
This would be a great thing to have in janitor
Best Regard
Alex

[Renkas]

Why has this stalled?

For me it seems that this query does the trick:

DELETE FROM hydra_oauth2_authentication_session WHERE id in (
	SELECT id
	FROM hydra_oauth2_authentication_session
	WHERE NOT EXISTS
	    (
	    SELECT NULL
	    FROM hydra_oauth2_flow
	    WHERE hydra_oauth2_flow.login_session_id = hydra_oauth2_authentication_session.id
	    )
)

[konstantin-evo]

Greeting @aeneasr, @kainsk

Please review this pull request, as the hydra_oauth2_authentication_session table is not being properly cleaned by the Janitor, causing the database to grow to an unmanageable size.

This issue affects many members of the community and remains highly relevant.

BR, Konstantin 🙃

[aeneasr]

Please add the expiry to the where clause, otherwise this will remove legitimate sessions.

[RamazanKara]

Hello, any updates on this? This is really a pain to set up own database operations for hydra, we would expect the garbage cleaning to be fully handled by hydra itself.