Hi all,

We're running Ipsilon 1.1.1 on Fedora 21 and have been dealing with increasingly-frequent errors on logout (SP doesn't recognize session index) that we've traced to a lack of SAML session db cleanup. Old sessions are never removed from the database, so when a user logs out, the IdP attempts to log them out of every session ever left in "logged in" state by that user. The SP doesn't recognize the expired session indexes and throws an error.

Reading through the code, it looks like the SAML2SessionStore should have expired sessions removed from it regularly by a CherryPy background task. As far as we can tell, this task has never run. I opened up the saml2.sessions SQLite file and the dbinfo table has no data besides the schema version. The rows tracking the last cleanup run are not there.

We haven't had any luck figuring out why cleanup isn't running - can you think of anything obvious we should check? I'm confirmed that our config file has the default value of 30 for cleanup_interval.

We've been running in debug mode looking for messages about scheduling, or not scheduling, cleanup, and haven't seen anything. I'm not confident we're looking at the right logs - does CherryPy debug logging go something other than the Apache logs dir?

Let me know if there's anything else I can tell you.

Thanks,

Janet