Fluent Session driver doesn't provide any way to remove old sessions

[semicoleon]

Fluent's session driver doesn't store any information about when a session was last seen. As far as I can tell, that makes any sessions that weren't destroyed via an explicit log out from the same browsing context as the original session very difficult to remove from the database safely.

A simple solution would be to maintain a timestamp in the __fluent_sessions table that is updated every time the session is retrieved. This would at least make it possible to periodically clear out definitely expired sessions with a simple query.

[wibed]

you can extend the table as you like. include a data column and insert any data ex.: a timestamp to further improve your session strategy.

youd have to write your own AsyncSessionDriver to do that

[semicoleon]

Sure, there's nothing stopping you from implementing your own. I just think that since sessions inherently expire due to cookies expiring, the "default" session implementation for Vapor projects could at least store enough data that you can manually clear out the table occasionally without having to guess about which sessions are still valid.

[wibed]

personally i prefer the "do one thing and do it good" mentality.

iirc its literally copy pasting the existing implementation and extending it with your own data.
you can event use compose api to merge object into the existing implementation