Hi all,
We're running Ipsilon 1.1.1 on Fedora 21 and have been dealing with
increasingly frequent errors on logout (SP doesn't recognize session index)
that we've traced to a lack of SAML session db cleanup. Old sessions are
never removed from the database, so when a user logs out, the IdP attempts
to log them out of every session ever left in "logged in" state by that
user. The SP doesn't recognize the expired session indexes and throws an
error.
Reading through the code, it looks like the SAML2SessionStore should have
expired sessions removed from it regularly by a CherryPy background task.
As far as we can tell, this task has never run. I opened up the
saml2.sessions SQLite file and the dbinfo table has no data besides the
schema version. The rows tracking the last cleanup run are not there.
We haven't had any luck figuring out why cleanup isn't running - can you
think of anything obvious we should check? I've confirmed that our config
file has the default value of 30 for cleanup_interval.
We've been running in debug mode looking for messages about scheduling, or
not scheduling, cleanup, and haven't seen anything. I'm not confident we're
looking at the right logs - does CherryPy debug logging go somewhere other
than the Apache logs dir?
Let me know if there's anything else I can tell you.
Thanks,
Janet