I use Redis as data store for users and session cache.
I use the following code in my services:
var redisOpsManAdminPool = new PooledRedisClientManager(myConfiguration.GetRedisAdminConnString());
var redisCachePool = new PooledRedisClientManager(myConfiguration.GetRedisCacheConnString());
container.Register(c => new BizBusUserRepository(redisOpsManAdminPool));
container.Register<IRedisClientsManager>(c => redisOpsManAdminPool);
container.Register<IAuthRepository>(c => new RedisAuthRepository(redisOpsManAdminPool));
I use API keys to authenticate server to server REST calls. So I enabled the following ServiceStack plugin:
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[]
{
new BizBusAuthProvider(),
new ApiKeyAuthProvider(AppSettings)
{
KeyTypes = new[] {"secret"},
RequireSecureConnection = false,
},
}
)
{
ValidUserNameRegEx = new Regex(@"^(?=.{5,53}$)([\p{L}\w][.!_-]?)*$", RegexOptions.Compiled),
});
To establish a connection with another server I use
public JsonServiceClient BbDataExchangeService
{
get
{
if (_bbDataExchangeService == null || string.IsNullOrEmpty(_bbDataExchangeService.BearerToken))
{
_bbDataExchangeService = new JsonServiceClient(MyServiceConfig.ServerConfiguration.GetDataExchangeServiceUri())
{
BearerToken = MyServiceConfig.ServerConfiguration.MyApiKey
};
}
return _bbDataExchangeService;
}
private set => _bbDataExchangeService = value;
}
This is a property of an object registered in the IOC container with singleton scope. So if the session times out, it is automatically re-created.
Now the strange thing on Redis (Only in the datacenter, in my dev environment I have never seen this)
I have hundreds of sessions which look as follows and which get never cleaned up:
{
"__type": "ServiceStack.AuthUserSession, ServiceStack",
"id": "AcjKamHpcYqvgWwggIan",
"createdAt": "\/Date(1548064695604)\/",
"lastModified": "\/Date(1548064695604)\/",
"isAuthenticated": false,
"fromToken": false,
"tag": 0,
"providerOAuthAccess": [],
"meta": {
}
}
Of course such sessions end up with 401 and 403 errors. Out of about 30 entries only one is correct!!
A correct cache entry should look similar to this:
{
"__type": "ServiceStack.AuthUserSession, ServiceStack",
"id": "13Ea0sYGJRVYEk5VvTKr",
"userAuthId": "1",
"userAuthName": "bbopsmanager",
"userName": "bbopsmanager",
"displayName": "BizBus bbopsmanager server on bbopman01-lfdev-t74-app01",
"fullName": "BizBus bbopsmanager server on computer bbopman01-lfdev-t74-app01",
"createdAt": "\/Date(1548065075640)\/",
"lastModified": "\/Date(1548065076985)\/",
"roles": [
"SomeServiceRole"
],
"permissions": [],
"isAuthenticated": true,
"fromToken": false,
"tag": 0,
"authProvider": "apikey",
"providerOAuthAccess": [],
"meta": {
}
}
I have seen up to 1000 entries with empty, unauthenticated objects and they remain there forever until I remove them manually!
Does anybody had similar issues with Redis session cache? Any idea what could be wrong here??