Skip to content

feat(login): clean remember me tokens#61944

Merged
Altahrim merged 1 commit into
masterfrom
chore/cleanup-login-tokens
Jul 10, 2026
Merged

feat(login): clean remember me tokens#61944
Altahrim merged 1 commit into
masterfrom
chore/cleanup-login-tokens

Conversation

@Altahrim

@Altahrim Altahrim commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

Summary

Remember me cookie lifetime is 15 days by default, but they are never deleted in database.

Checklist

AI (if applicable)

  • The content of this PR was partly or fully generated using AI

Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
@Altahrim Altahrim added this to the Nextcloud 35 milestone Jul 9, 2026
@Altahrim Altahrim self-assigned this Jul 9, 2026
@Altahrim Altahrim added 2. developing Work in progress php Pull requests that update Php code 3. to review Waiting for reviews and removed 2. developing Work in progress labels Jul 9, 2026
@Altahrim Altahrim marked this pull request as ready for review July 9, 2026 14:25
@Altahrim Altahrim requested a review from a team as a code owner July 9, 2026 14:25
@Altahrim Altahrim requested review from ArtificialOwl, leftybournes, provokateurin and salmart-dev and removed request for a team July 9, 2026 14:25
@Altahrim

Altahrim commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator Author

/backport to stable34

@provokateurin provokateurin enabled auto-merge July 9, 2026 14:44
@Altahrim

Copy link
Copy Markdown
Collaborator Author

/backport to stable33

@Altahrim

Copy link
Copy Markdown
Collaborator Author

/backport to stable32

@Altahrim Altahrim disabled auto-merge July 10, 2026 12:09
@Altahrim Altahrim merged commit 21fbfa1 into master Jul 10, 2026
241 of 277 checks passed
@Altahrim Altahrim deleted the chore/cleanup-login-tokens branch July 10, 2026 12:09
$qb
->delete()
->where($qb->expr()->eq('appid', $qb->expr()->literal('login_token')))
->andWhere($qb->expr()->lt('configvalue', $qb->createNamedParameter(time() - $rememberMeMaxAge)))

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

from running such query manually I remember that Postgres (and probably oracle) are more strict about the fact that configvalue is VARCHAR and used in a comparison with an INT here

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This query was tested with PostgreSQL 17.6:

DELETE FROM oc_preferences 
WHERE appid = 'login_token' AND configvalue < 1777632074;

Do you think it may have changed with new versions?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

3. to review Waiting for reviews php Pull requests that update Php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Regularely clean login_token from oc_preferences

3 participants