[User Session] Clear metadata on older sessions (#10751)

manuthecoder · github-actions[bot] · garyhtou · web-flow · commit 8a73da242e27 · 2025-07-16T08:48:12.000-07:00
### Closes #10744 This pull request introduces a new background job to clear outdated user session data and schedules it to run daily. The job ensures sensitive session information is removed for sessions older than one year. Below are the most important changes: ### Addition of a new job: * [`app/jobs/user/clear_old_user_sessions_job.rb`](diffhunk://#diff-19bd9b2978ef88bf9ae1db00fbb346141d92e5d85c4cb816b8949d814f0c4792R1-R21): Added a new job `ClearOldUserSessionsJob` to the `User` namespace. This job iterates through user sessions older than one year and clears sensitive data such as `device_info`, `os_info`, `timezone`, `ip`, and location details (`latitude` and `longitude`). ### Scheduling the job: * [`config/schedule.yml`](diffhunk://#diff-18c4a92c666266e8bead5b6ddb034501022877cdf773c0d337499ed0a7f6d341R175-R179): Scheduled the new `ClearOldUserSessionsJob` to run daily at 3:00 AM with a low priority queue. [Internal discussion](https://hackclub.slack.com/archives/C047Y01MHJQ/p1750259883680629) --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Gary Tou <gary@garytou.com>
diff --git a/app/jobs/user_session/clear_old_user_sessions_job.rb b/app/jobs/user_session/clear_old_user_sessions_job.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class UserSession
+  class ClearOldUserSessionsJob < ApplicationJob
+    queue_as :low
+
+    def perform
+      UserSession.expired.where("created_at < ?", 1.year.ago).find_each(&:clear_metadata!)
+    end
+
+  end
+
+end
diff --git a/app/models/user_session.rb b/app/models/user_session.rb
@@ -81,6 +81,14 @@ def expired?
     expiration_at <= Time.now
   end
 
+  def clear_metadata!
+    update!(
+      device_info: nil,
+      latitude: nil,
+      longitude: nil,
+    )
+  end
+
   private
 
   def user_is_unlocked
diff --git a/config/schedule.yml b/config/schedule.yml
@@ -172,6 +172,11 @@ update_teenager_column_job:
   cron: "0 7 * * *" # run every 1 day
   class: "User::UpdateTeenagerColumnJob"
 
+clear_old_user_sessions:
+  cron: "0 3 * * *" # every day at 3:00 AM
+  class: "UserSession::ClearOldUserSessionsJob"
+  queue: low
+
 card_grant_expiration_job:
   cron: "0 7 * * *" # run every 1 day
   class: "CardGrant::ExpirationJob"
