Store & watermarks
CleaningMemoryStore
Why
The tower-sessions MemoryStore does not implement cleanup of expired sessions. Without purging, every request from a bot that never sends the session cookie back creates a fresh session that is never deleted, so memory grows without bound.
CleaningMemoryStore solves this with three mechanisms:
| Mechanism | Trigger | Behavior |
|---|---|---|
| Periodic timer | Every 60s (configurable) | Deletes all expired sessions |
| Low watermark | 128 MB (configurable) | Async purge of expired anonymous sessions |
| High watermark | 256 MB (configurable) | Synchronous emergency purge + 503 refusal if still exceeded |
Size estimation
Each record is estimated as 24 bytes (a 16-byte UUID plus an 8-byte expiry timestamp) plus the length of the session data serialized as JSON. This is an estimate of payload size, not the allocator's footprint: map and string overhead are not counted, so real memory use is somewhat higher than the watermark arithmetic suggests.
A warning is logged if a single record exceeds 50 KB, which almost always means an image or file was accidentally stored in the session.
Watermark system
Low watermark (128 MB default)
When the total store size exceeds this threshold at session creation time, a non-blocking background cleanup is launched via tokio::spawn. It removes expired anonymous sessions without blocking the current request; nothing is refused at this level, and the session that triggered the cleanup is still created.
High watermark (256 MB default)
When the size exceeds this threshold at session creation time:
- Pass 1 — removes expired anonymous sessions
- Pass 2 — if still exceeded, removes all expired sessions (including authenticated)
- Refusal — if still exceeded, returns 503 Service Unavailable
Authenticated (protected) sessions are never sacrificed in pass 1, and no pass removes an unexpired session: the emergency purge only reclaims records that have already expired. A store full of live sessions that crosses the high watermark therefore ends in the 503, which is the intended outcome, since refusing new anonymous sessions is preferable to being OOM-killed.
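The size estimate and the two-pass emergency purge above, as an added, dependency-free sketch written for this page; it is not CleaningMemoryStore's own code. The real store holds tower-sessions records, runs the low-watermark pass in a tokio::spawn'ed task and is driven by HTTP requests; here the clock is a plain `u64`, the watermarks are a few hundred bytes so the behaviour is visible, and `Record`, `WatermarkStore`, `rec` and `demo` are names invented for the example. The scenario in `demo` shows an authenticated session surviving pass 1, being evicted by pass 2 and, once nothing expired is left, the creation being refused.

```rust
use std::collections::HashMap;

/// 16-byte UUID + 8-byte expiry: the 24-byte per-record overhead from the text.
pub const RECORD_OVERHEAD: usize = 24;
/// Records above this size get a warning (something big landed in the session).
pub const LARGE_RECORD_BYTES: usize = 50 * 1024;
/// Hypothetical record; the real store holds tower-sessions records.
#[derive(Clone, Debug)]
pub struct Record {
    pub id: u128,            // stand-in for the session UUID
    pub expiry: u64,         // unix seconds
    pub authenticated: bool, // false = anonymous session
    pub data_json: String,   // session data as it would be serialized
}

/// Size estimate as the text describes it: fixed overhead + JSON length.
pub fn estimate_size(r: &Record) -> usize {
    RECORD_OVERHEAD + r.data_json.len()
}
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum CreateOutcome {
    Created,
    Refused, // the HTTP layer maps this to 503 Service Unavailable
}

pub struct WatermarkStore {
    records: HashMap<u128, Record>,
    total_bytes: usize,
    low_watermark: usize,
    high_watermark: usize,
    pub warnings: Vec<String>,
}

impl WatermarkStore {
    pub fn new(low_watermark: usize, high_watermark: usize) -> Self {
        Self { records: HashMap::new(), total_bytes: 0, low_watermark, high_watermark, warnings: Vec::new() }
    }
    pub fn total_bytes(&self) -> usize { self.total_bytes }
    pub fn len(&self) -> usize { self.records.len() }
    /// Delete expired records. `anonymous_only` skips authenticated sessions
    /// (pass 1 and the low-watermark cleanup); `false` is pass 2 and the timer.
    pub fn purge_expired(&mut self, now: u64, anonymous_only: bool) {
        let victims: Vec<u128> = self.records.values()
            .filter(|r| r.expiry <= now && !(anonymous_only && r.authenticated))
            .map(|r| r.id).collect();
        for id in victims {
            if let Some(r) = self.records.remove(&id) {
                self.total_bytes -= estimate_size(&r);
            }
        }
    }
    /// Session creation with the watermark checks applied before insertion.
    pub fn create(&mut self, record: Record, now: u64) -> CreateOutcome {
        let size = estimate_size(&record);
        if size > LARGE_RECORD_BYTES {
            self.warnings.push(format!("session {:x}: {} bytes, check what is stored in it", record.id, size));
        }
        if self.total_bytes > self.high_watermark {
            // Emergency path, synchronous on the request that found the store over the line.
            self.purge_expired(now, true);                 // pass 1: expired anonymous only
            if self.total_bytes > self.high_watermark {
                self.purge_expired(now, false);            // pass 2: every expired record
                if self.total_bytes > self.high_watermark {
                    return CreateOutcome::Refused;         // still over: refuse (503)
                }
            }
        } else if self.total_bytes > self.low_watermark {
            // The crate runs this in a tokio::spawn'ed task; inline here to stay dependency-free.
            self.purge_expired(now, true);
        }
        self.total_bytes += size;
        self.records.insert(record.id, record);
        CreateOutcome::Created
    }
}

/// Constructed record with a dummy payload of `data_len` bytes.
pub fn rec(id: u128, expiry: u64, authenticated: bool, data_len: usize) -> Record {
    Record { id, expiry, authenticated, data_json: "x".repeat(data_len) }
}

/// Scenario with tiny watermarks (100 B low, 200 B high), clock fixed at 1000.
pub fn demo() -> (WatermarkStore, Vec<CreateOutcome>) {
    let (now, mut store) = (1_000, WatermarkStore::new(100, 200));
    let inputs = [
        rec(1, 500, false, 76),   // expired anonymous (100 B)
        rec(2, 500, true, 76),    // expired authenticated (100 B)
        rec(3, 2_000, false, 26), // live (50 B); store > low: record 1 purged
        rec(4, 2_000, false, 76), // live (100 B); store > low: nothing purgeable, record 2 kept
        rec(5, 2_000, false, 76), // live (100 B); store > high: pass 1 empty, pass 2 evicts record 2
        rec(6, 2_000, false, 26), // store > high and nothing expired left: refused
    ];
    let outcomes = inputs.iter().cloned().map(|r| store.create(r, now)).collect();
    (store, outcomes)
}

fn main() {
    let (store, outcomes) = demo();
    println!("{outcomes:?}\n{} records, {} bytes retained", store.len(), store.total_bytes());
}
```

The thresholds are compared against the store size before the new record is added, which is how the text phrases the check ("when the size exceeds this threshold at session creation time"); a store that sits exactly at the high watermark still admits one more record. If the estimate should include the incoming record, compare `self.total_bytes + size` instead.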