🐛 Bug Report: Event session.delete not trigger when remove cause of TTL

[fliitor]

👟 Reproduction steps

1. Set Session length to 5 seconds (or what you need to test)
2. Add a debug function (wich just listen all users.*.sessions.* events, and output on res.json
3. Create a session (via email in my case)
4. Check that session is removed (account/sessions/[SESSION_ID] endpoint)
5. Check logs of function on 2.

No event is triggered

👍 Expected behavior

Event aboute deletion of session need to be populate (on function / webhooks)

👎 Actual Behavior

No log about this event

🎲 Appwrite version

Version 1.3.x

💻 Operating system

Linux

🧱 Your Environment

Ubuntu 22.04 & Docker compose

👀 Have you spent some time to check if this issue has been raised before?

• I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

• I have read the Code of Conduct

[stnguyen90]

@fliitor, thanks for creating this issue! 🙏🏼 Unfortunately, the event is not triggered automatically when a session expires. It is only triggered when a user deletes their session. Part of the reason is the session is not actually deleted. Instead, the browser automatically removes it client-side because of the expiration on the session cookie, or Appwrite ignores the session because it doesn't pass verification.

[fliitor]

ty for answer @stnguyen90
I can see on mariaDB than _x_sessions never cleaned. It contains session already expired. Do I need to create another feature ticket to add this removed on maintenance task ? And maybe take advantage of this maintenance task to have a marker on the expiry date, and send the event?

[stnguyen90]

@fliitor, we do already have a maintenance task:

appwrite/app/tasks/maintenance.php

Lines 97 to 102 in 73329ad

	function notifyDeleteExpiredSessions()
	{
	(new Delete())
	->setType(DELETE_TYPE_SESSIONS)
	->trigger();
	}

that triggers the delete expired sessions job:

appwrite/app/workers/deletes.php

Lines 419 to 435 in 73329ad

	protected function deleteExpiredSessions(): void
	{
	$consoleDB = $this->getConsoleDB();
	$this->deleteForProjectIds(function (string $projectId) use ($consoleDB) {
	$dbForProject = $this->getProjectDB($projectId);
	$project = $consoleDB->getDocument('projects', $projectId);
	$duration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
	$expired = DateTime::addSeconds(new \DateTime(), -1 * $duration);
	// Delete Sessions
	$this->deleteByGroup('sessions', [
	Query::lessThan('$createdAt', $expired)
	], $dbForProject);
	});
	}

However, these don't trigger the event because the event is only triggered when the user logs out via the API.

[fliitor]

Oh ok. Session keep on database cause I change session length to 1 year. I understand
Could be nice to have event here in future

You can close this issue if need, thanks for your time

[fliitor]

I can close it, mb