Microsoft-identity-web: [Bug] Distributed token cache Read operations should update the L2 data freshness.

Created on 12 Mar 2021  路  7Comments  路  Source: AzureAD/microsoft-identity-web

Which version of Microsoft Identity Web are you using?
Note that to get help, you need to run the latest version.

1.8.0
Where is the issue?

  • Web app

    • [ ] Sign-in users

    • [ ] Sign-in users and call web APIs

  • Web API

    • [ ] Protected web APIs (validating tokens)

    • [ ] Protected web APIs (validating scopes)

    • [ ] Protected web APIs call downstream web APIs

  • Token cache serialization

    • [ ] In-memory caches

    • [ ] Session caches

    • [x ] Distributed caches

  • Other (please describe)

Is this a new or an existing app?

a. The app is in production and I have upgraded to a new version of Microsoft Identity Web.
Repro

Expected behavior
The sql server cache entry ExpriresAtTime should be changing as tokens are accessed.
If the time is expired, it even got deleted by other token access activities to keep the cache size in control.

Actual behavior
The sql server cache entry ExpriresAtTime not changing as tokens are accessed.
The older version this ExpriresAtTime changes every time the token is accessed.
If the time is expired, the token even got deleted by other token access activities.

Possible solution

Additional context / logs / screenshots
Overserved on the dev machine (localdb)\MSSQLLocalDB in visual studio 2019

bug fixed possible-regression

All 7 comments

Thanks @creativebrother

I think I understand what happens. This would be related to the new L1/L2 cache implementation (see https://github.com/AzureAD/microsoft-identity-web/wiki/L1-Cache-in-Distributed-(L2)-Token-Cache)

In 1.8.0, when we read a token from the L1 (in memory) cache, we don't update the fact that the key was accessed in the L2 cache (distributed) cache, which means we don't extend its life time.

Thanks @creativebrother ...i think this pr will resolve the issue. thoughts?

@creativebrother we can release this on Monday (3.15), if that works for you. in the meantime, use 1.7.0. thanks again.

I noticed also the expired token entries not being deleted in the L2 cache (sql server). The old version 1.5.0 read activities will trigger deleting all the cache entries whose ExpriresAtTime is less or equal to when read activity happens.
I am not sure is this related to the -- not extending the L2 token life time issue?

I did not have a chance to look at the source code yet, but from my observation, sometimes the L2 do get refresh, but not always.
Thanks for taking care of it. @jmprieur @jennyf19

thanks @creativebrother will take a look

@creativebrother released w/1.8.1

Included in 1.9.0 release

Was this page helpful?
0 / 5 - 0 ratings