Any session that has an expiration timestamp older than the current time by a configurable offset is subject to removal. As needed, the cleanup task can look at the session's last activity timestamp instead. The cleanup task removes 500 expired sessions at a time until all expired sessions are removed. If expired sessions are growing rapidly, you can optionally increase the frequency of the cleanup task.

Note:

Increasing the frequency of the cleanup task or the number of expired sessions to be removed per batch (or both) adds more workload to your storage server. We recommend making changes gradually to observe the impact, if any.

Important:

In a clustered PingFederate environment, the cleanup task runs only on the console node. If adjustments are required, make them on the console node. No changes are required on any of the engine nodes.

  1. Optional: Adjust the frequency of the cleanup task.
    1. Edit the timer-intervals.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
    2. Update the StoredSessionCleanerInterval value (in milliseconds).

      The default value is 86400000, which is 24 hours.

    3. Save your change.
  2. Optional: Configure other cleanup options.
    1. Edit the org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.

      Refer to the following table for more information about each field.

      Field Description
      ExpiredSessionGroupBatchSize The number of expired authentication sessions to be removed per batch.

      The default value is 500.

      ExpirationTimeColumnName The column of which its value determines whether an authentication session has expired in the context of the cleanup task. Valid options are expiry_time and last_activity_time.
      expiry_time
      Set to expiry_time if the cleanup task should only remove persistent authentication sessions that have expired.
      The cleanup task determines if a session can be removed by looking at the session's expiration timestamp and the current time. If the expiration timestamp is older than the current time by the number of minutes specified by the ExpirationTimeOffsetMins field, the session is subject to removal.
      last_activity_time
      Set to last_activity_time if the clean task should remove persistent authentication sessions that have been left idle.
      The cleanup task determines if a session can be removed by looking at the session's last activity timestamp and the current time. If the last activity timestamp is older than the current time by the number of minutes specified by the ExpirationTimeOffsetMins field, the session is subject to removal.
      For example, if PingFederate should remove persistent authentication sessions for which the last activity time is more than three weeks ago, set the ExpirationTimeColumnName value to last_activity_time and the ExpirationTimeOffsetMins value to 30240.

      The default value is expiry_time.

      ExpirationTimeOffsetMins The offset (in minutes) relative to the current time.

      The default value is 10.

    2. Save your change.
  3. If you have made any changes, restart PingFederate.
    In a clustered PingFederate environment, no changes or restart of PingFederate is required on any of the engine nodes.