Commit
Merge pull request #409 from DuendeSoftware/anders/404_fuzzing
Fuzzed start times
josephdecock authored Jan 24, 2024
2 parents 08b6275 + 657eee2 commit 31e24b4
Showing 3 changed files with 18 additions and 0 deletions.
5 changes: 5 additions & 0 deletions IdentityServer/v7/docs/content/data/ef.md
Expand Up @@ -132,6 +132,11 @@ This options class contains properties to control the operational store and *Per
The consumed token cleanup delay (in seconds). The default is 0. This delay is the amount of time that must elapse before tokens marked as consumed can be deleted. Note that only refresh tokens with
OneTime usage can be marked as consumed.

*FuzzTokenCleanupStart* [added in 7.0]
The background token cleanup job runs at a configured interval. If multiple nodes run the cleanup job at the same time, update conflicts might occur in the store. To reduce the probability of that happening, the startup time can be fuzzed. When enabled, the first run is scheduled at a random time between the host startup and the configured
TokenCleanupInterval. Subsequent runs are run on the configured TokenCleanupInterval. Defaults to *true*.


{{% notice note %}}
The token cleanup feature does *not* remove persisted grants that are *consumed* (see [persisted grants]({{<ref "./operational/grants#grant-expiration-and-consumption">}})). It only removes persisted grants that are beyond their *Expiration*.
{{% /notice %}}
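
Review bot: In the new *FuzzTokenCleanupStart* paragraph, "a random time between the host startup and the configured TokenCleanupInterval" mixes a point in time with a duration; consider describing it as a random delay between zero and TokenCleanupInterval, counted from host startup. The paragraph says "When enabled" but does not say when the first run happens if the option is set to false, which is what a reader deciding whether to disable it needs to know. The addition also leaves two blank lines before the notice block where one would do.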
Expand Up @@ -69,3 +69,10 @@ Settings that affect the background cleanup of expired entries (tokens) from the

Gets or sets the number of records to remove at a time. Defaults to *100*.

* ***FuzzTokenCleanupStart***

The background token cleanup job runs at a configured interval. If multiple nodes run the cleanup
job at the same time there will be updated conflicts in the store. To avoid that, the startup time
can be fuzzed. The first run is scheduled at a random time between the host startup and the configured
TokenCleanupInterval. Subsequent runs are run on the configured TokenCleanupInterval. Defaults to *true*

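Review bot: The added *FuzzTokenCleanupStart* description says "there will be updated conflicts in the store" and "To avoid that", which contains a typo ("updated" for "update") and promises more than the description of the same option in ef.md, where conflicts "might occur" and fuzzing only reduces "the probability of that happening". Suggest reusing the ef.md wording here so the two pages agree that fuzzing lowers the chance of concurrent cleanup runs rather than preventing them, and adding the missing period after "Defaults to *true*".
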
6 changes: 6 additions & 0 deletions IdentityServer/v7/docs/content/reference/options.md
Expand Up @@ -666,6 +666,12 @@ Settings for [server-side sessions]({{<ref "/ui/server_side_sessions">}}). Added
If enabled, when server-side sessions are removed due to expiration, back-channel logout notifications will be sent.
This will, in effect, tie a user's session lifetime at a client to their session lifetime at IdentityServer. Defaults to true.

* ***FuzzExpiredSessionRemovalStart***

The background session cleanup job runs at a configured interval. If multiple nodes run the cleanup
job at the same time update conflicts might occur in the store. To reduce the propability of that happening, the startup time can be fuzzed. The first run is scheduled at a random time between the host startup and the configured RemoveExpiredSessionsFrequency. Subsequent runs are run on the configured RemoveExpiredSessionsFrequency.
Defaults to *true*.

## Validation

* ***InvalidRedirectUriPrefixes***
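
Review bot: "propability" in the added *FuzzExpiredSessionRemovalStart* description should be "probability", and "at the same time update conflicts might occur" needs a comma after "time". As with the token cleanup option, "a random time between the host startup and the configured RemoveExpiredSessionsFrequency" mixes a point in time with a duration; a random delay of up to RemoveExpiredSessionsFrequency after host startup would read more precisely. The second line of the paragraph is also far longer than its wrapped neighbours, so rewrapping it would keep later diffs of this file readable.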
