Expire sessions after 48 hours

Otherwise, we accumulate sessions in memory until we run out of heap.
clojars · Sep 28, 2023 · 29b5d25 · 29b5d25
1 parent 0a5eb21
commit 29b5d25
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/deps.edn b/deps.edn
@@ -34,8 +34,10 @@
   duct/hikaricp-component {:mvn/version "0.1.2"
                            :exclusions [org.slf4j/slf4j-nop]}
 
+  kirasystems/aging-session {:mvn/version "0.5.0"}
+
   one-time/one-time {:mvn/version "0.7.0"
-                     :exclusions [;; not needed on java 17, addresses CWE-120
+                     :exclusions [ ;; not needed on java 17, addresses CWE-120
                                   com.github.jai-imageio/jai-imageio-core
                                   ;; not used, addresses CVE-2020-11987, CVE-2019-17566
                                   org.apache.xmlgraphics/batik-dom

diff --git a/src/clojars/http_utils.clj b/src/clojars/http_utils.clj
@@ -1,8 +1,9 @@
 (ns clojars.http-utils
   (:require
+   [aging-session.event :as aging-session-event]
+   [aging-session.memory :as aging-session]
    [clojure.string :as str]
    [ring.middleware.session :refer [wrap-session]]
-   [ring.middleware.session.memory :as mem]
    [ring.util.response :refer [content-type response]]))
 
 (defn wrap-cors-headers [handler]
@@ -25,7 +26,11 @@
   (reset! session-store-atom {}))
 
 (defn wrap-secure-session [f]
-  (let [mem-store (mem/memory-store session-store-atom)
+  (let [mem-store (aging-session/aging-memory-store
+                   :session-atom     session-store-atom
+                   :refresh-on-write true
+                   ;; Allow sessions to remain active for 48 hours
+                   :events           [(aging-session-event/expires-after 172800)])
         secure-session (wrap-session f {:cookie-attrs {:secure true
                                                        :http-only true}
                                         :store mem-store})