Purge expired auth cookies

DNN Platform/Library/DotNetNuke.Library.csproj

@@ -679,6 +679,7 @@
     <Compile Include="Security\Cookies\AuthCookieController.cs" />
     <Compile Include="Security\Cookies\IAuthCookieController.cs" />
     <Compile Include="Security\Cookies\PersistedAuthCookie.cs" />
+    <Compile Include="Security\Cookies\PurgeAuthCookiesTask.cs" />
     <Compile Include="Security\FIPSCompliant.cs" />
     <Compile Include="Security\Membership\AspNetMembershipProvider.cs" />
     <Compile Include="Security\Permissions\CorePermissionProvider.cs" />

DNN Platform/Library/Security/Cookies/PurgeAuthCookiesTask.cs

@@ -0,0 +1,43 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information
+namespace DotNetNuke.Security.Cookies
+{
+    using System;
+
+    using DotNetNuke.Services.Exceptions;
+    using DotNetNuke.Services.Scheduling;
+
+    /// <summary>
+    /// Scheduled task to remove old cookies.
+    /// </summary>
+    public class PurgeAuthCookiesTask : SchedulerClient
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="PurgeAuthCookiesTask"/> class.
+        /// </summary>
+        /// <param name="objScheduleHistoryItem">Object that will get added to the database as a record of this run.</param>
+        public PurgeAuthCookiesTask(ScheduleHistoryItem objScheduleHistoryItem)
+        {
+            this.ScheduleHistoryItem = objScheduleHistoryItem;
+        }
+
+        /// <inheritdoc/>
+        public override void DoWork()
+        {
+            try
+            {
+                AuthCookieController.Instance.DeleteExpired(DateTime.UtcNow);
+                this.ScheduleHistoryItem.Succeeded = true;
+                this.ScheduleHistoryItem.AddLogNote("Purging auth cookies completed");
+            }
+            catch (Exception exc)
+            {
+                this.ScheduleHistoryItem.Succeeded = false;
+                this.ScheduleHistoryItem.AddLogNote(string.Format("Purging auth cookies task failed: {0}.", exc.ToString()));
+                this.Errored(ref exc);
+                Exceptions.LogException(exc);
+            }
+        }
+    }
+}

DNN Platform/Website/Providers/DataProviders/SqlDataProvider/09.11.00.SqlDataProvider

@@ -24,6 +24,35 @@ WHERE SettingName = 'SSLSetup'
  AND SettingValue = 'True'
 GO
 
+
+/*    Add scheduled task to delete expired auth cookies       */
+/************************************************************/
+
+IF NOT EXISTS(SELECT ScheduleID FROM {databaseOwner}[{objectQualifier}Schedule] WHERE TypeFullName = 'DotNetNuke.Security.Cookies.PurgeAuthCookiesTask, DOTNETNUKE')
+BEGIN
+	INSERT INTO {databaseOwner}[{objectQualifier}Schedule] ([TypeFullName], [TimeLapse], [TimeLapseMeasurement], [RetryTimeLapse], [RetryTimeLapseMeasurement], [RetainHistoryNum], [AttachToEvent], [CatchUpEnabled], [Enabled], [ObjectDependencies], [Servers], [CreatedByUserID], [CreatedOnDate], [LastModifiedByUserID], [LastModifiedOnDate], [FriendlyName]) 
+	VALUES ('DotNetNuke.Security.Cookies.PurgeAuthCookiesTask, DOTNETNUKE', 1, 'h', 30, 'm', 10, '', 0, 1, '', NULL, NULL, GETDATE(), NULL, GETDATE(), N'Purge Expired Authentication Cookies')
+END
+GO
+
+IF object_id(N'{databaseOwner}[{objectQualifier}AuthCookies_DeleteOld]', 'P') IS NOT NULL
+    DROP PROCEDURE {databaseOwner}[{objectQualifier}AuthCookies_DeleteOld]
+GO
+
+/*    Ensure that the AuthCookies doesn't time out          */
+/************************************************************/
+
+CREATE PROCEDURE {databaseOwner}[{objectQualifier}AuthCookies_DeleteOld]
+	@CutoffDate   datetime -- in UTC
+AS
+BEGIN
+	DELETE TOP(10000) FROM {databaseOwner}[{objectQualifier}AuthCookies]
+	WHERE ExpiresOn < @CutoffDate
+END
+GO
+
+
+
 /************************************************************/
 /*****              SqlDataProvider                     *****/
 /************************************************************/