Description
The issue I am encountering relates to the fact that while Spring Session / Security is saving my session data to Redis and applying a TTL (Time-To-Live) to the main session keys, the associated indexed keys (such as attributes indexed for lookups) are not automatically being set with a TTL. This means that these indexed keys can persist indefinitely unless manually deleted (e.g., through an explicit logout), leading to a potential memory leak.
Is there a way, and if not, can I request the ability to attach time limits to indexed components of sessions (e.g. in Redis). The normal session keys get cleaned up by Redis as they have a TTL, but as you can see below, when a session naturally expires, the other bits remain in Redis.
Is it right behaviour for when sessions expire and get removed for the Indexed keys to remain their indefinitely?
These should be removed by Redis based on a TTL assigned to them, just like with the hashed session key - or some cron function should be provided,
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior.
Expected behavior
A clear and concise description of what you expected to happen.
Sample
A link to a GitHub repository with a minimal, reproducible sample.
Reports that include a sample will take priority over reports that do not.
At times, we may require a sample, so it is good to try and include a sample up front.