Memory leak in Index for principal `null` in Redis

[ruslanys]

Describe the bug

When a user lands at /admin, Spring generates an anonymous session for such user and redirects him to the login page.

When a user passes authentication process, RedisIndexedSessionRepository persists the session identifier in two indexes:

• session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:null
• session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:principalUsername

The issue is that session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:null never cleanup: I see hundreds of identifiers under that index.

To Reproduce

1. Start the sample.
2. Sign-in using user/password credentials.
3. Click on the logout button.
4. Check the index, you will see the record under the key spring:session:index:org.springframework.session.FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME:null that will never cleanup.

Expected behavior

Do not persist session under null principal, or clean the identifier when the session changes its principal.

Sample

The issue can be reproduced using the sample you have in the repository: https://github.com/spring-projects/spring-session/tree/main/spring-session-samples/spring-session-sample-boot-redis.

[ruslanys]

The bug goes from #1941 (eb9f62a)

[eleftherias]

Thanks for reaching out @ruslanys. I will be taking a closer look at this in the next few days.