Identityserver4: DistributedCacheStateDataFormatter caches the data forever with no opts

Created on 16 May 2019 · 8Comments · Source: IdentityServer/IdentityServer4

In production scenario we use several instances of Identityserver with DistributedRedisCache in between. After a while we see millions keys in Redis, most of them look like: DistributedCacheStateDataFormatter--2a2bdc38-c81c-41d7-9210-e5aa22152400; sldexp:-1 absexp:-1 data:{"Items":{".redirect":"/account/ExternalLoginCallback?returnUrl=https%3A%2F%2Fdomain.com%2FMenu%2F","scheme":"ExternalIdp",".xsrf":"qhYOnBBcklKhdUSDPyIMkp-Cw7XnXUVmWuBM0HX6PY4","OpenIdConnect.Code.RedirectUri":"https://login.domain.com/signin-oidc"},"Parameters":{},"RedirectUri":"/account/ExternalLoginCallback?returnUrl=https%3A%2F%2Fdomain.com%2FMenu%2F"}

Short research shown that these records were produced during external authentication by the DistributedCacheStateDataFormatter. It caches the items permanently with no opts. Looks like a bug, isn't?

A solution could be to use (when presented) the expiration from AuthenticationProperties object to be cached, and some reasonable or configurable value when omitted.

core feature request

Source

dfrunet

Most helpful comment

We will look at this fro our next release the next time we're doing reviews. It will be in July.

brockallen on 21 Jun 2019

👍2

All 8 comments

PR?

leastprivilege on 16 May 2019

Ok. Will first try it internally and then commit.

dfrunet on 17 May 2019

@leastprivilege any milestone for this?

dfrunet on 10 Jun 2019

@leastprivilege is there anything more that needs to be done for this to be approved? Also experiencing the same issue with the cache filling up with keys that never expire.