Manually expire web sessions
Instead of relying on the cache implementation to kill web sessions
past the time the admin has configured as allowed, track the end time
when the session was created and initially stored in the cache. If a
valid session key is found in the cache, but it expired before now,
invalidate the key and report it as not found.
Sessions are usually updated in the cache every 50% of the maxAge,
rotating the key and changing the cookie during this time. During one
of these half-expired rotations the session will have a new expire
time set, keeping it alive for a longer time window since the user
is still active.
This saves the cache from needing to update the on access timer on
every request, especially for disk based caches that try to save the
web_sessions across server restarts.
While we are poking at this cache, use String as the cache key rather
than Key now that the H2 based system doesn't need to use the key for
version checks. This simplifies the BloomFilter logic inside of the
disk based cache to be able to hash the token more quickly.
Change-Id: I318e38b2382b7f5ea1188df3ddc7ec6703a5fd3c
2 files changed
