core: fix task clean_expiring_models removing valid sessions with using database storage (#9598)

authentik/core/tasks.py

@@ -2,7 +2,9 @@
 
 from datetime import datetime, timedelta
 
+from django.conf import ImproperlyConfigured
 from django.contrib.sessions.backends.cache import KEY_PREFIX
+from django.contrib.sessions.backends.db import SessionStore as DBSessionStore
 from django.core.cache import cache
 from django.utils.timezone import now
 from structlog.stdlib import get_logger
@@ -15,6 +17,7 @@ from authentik.core.models import (
     User,
 )
 from authentik.events.system_tasks import SystemTask, TaskStatus, prefill_task
+from authentik.lib.config import CONFIG
 from authentik.root.celery import CELERY_APP
 
 LOGGER = get_logger()
@@ -39,6 +42,8 @@ def clean_expired_models(self: SystemTask):
     amount = 0
 
     for session in AuthenticatedSession.objects.all():
+        match CONFIG.get("session_storage", "cache"):
+            case "cache":
                 cache_key = f"{KEY_PREFIX}{session.session_key}"
                 value = None
                 try:
@@ -49,6 +54,19 @@ def clean_expired_models(self: SystemTask):
                 if not value:
                     session.delete()
                     amount += 1
+            case "db":
+                if (
+                    DBSessionStore.get_model_class()
+                    .objects.filter(session_key=session.session_key, expire_date__gt=now())
+                    .exists()
+                ):
+                    session.delete()
+                    amount += 1
+            case _:
+                # Should never happen, as we check for other values in authentik/root/settings.py
+                raise ImproperlyConfigured(
+                    "Invalid session_storage setting, allowed values are db and cache"
+                )
     LOGGER.debug("Expired sessions", model=AuthenticatedSession, amount=amount)
 
     messages.append(f"Expired {amount} {AuthenticatedSession._meta.verbose_name_plural}")