How to prevent database overload with BlacklistedToken and OutstandingToken models in Django using Simple JWT?

I'm working on a Django project using Simple JWT, and I've noticed that every time a user logs in, the generated tokens are stored in the BlacklistedToken and OutstandingToken tables in the database. As more users authenticate and new tokens are generated, these tables continue to grow, which could lead to database overload over time.

What I want to achieve is to avoid these tables filling up unnecessarily with tokens, as I don't want to use a cron job to manually clean the tables or manage the tokens. What best practices exist for handling this situation? Is there a way to prevent these tokens from being stored persistently or to have them automatically cleaned up without using cron jobs?

I would appreciate any suggestions to improve performance and keep the database optimized. I use PostgreSQL as the database.

I have tried to set a script that runs every month but the table still fills up too much because the users are concurrent.

As more users authenticate and new tokens are generated, these tables continue to grow, which could lead to database overload over time.

Usually not. Most of the querying is done on the jti of the OutstandingToken, and this model is defined as [GitHub]:

class OutstandingToken(models.Model):
    # …
    jti = models.CharField(unique=True, max_length=255)
    # …

Since it is unique, the database will make an index for it, which allows querying in 𝓞(log n) time, so each time the database size doubles, it takes one time unit more to find the item. So a database of 1'000'000 records will be approximately twice as slow as a database of 1'000. Because the lookup complexity grows in a very slow manner, one can maintain very large databases.

The most important thing is that the fields you query on (often) are indexed, since that allows the database to locate the record efficiently. A database that has to look for non-indexed fields is slow, since then it has to do a linear search, enumerating over all 1'000'000 records, but an index allows it to locate the record without going through all records.

The django-simplejwt package has a management command named flushexpiredtokens that you can run periodically to prevent the database from blowing up the token table, but each time cleaning up tokens would in fact result in more load on the database, since then creating a new token would require more queries to remove the previous ones.
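The indexing point in the answer above can be checked directly. This is an added example, not code from the original post or from Simple JWT. It assumes an in-memory SQLite table as a stand-in for PostgreSQL, a simplified constructed schema (`outstanding_token` with `jti`, `token`, `expires_at`), and a hypothetical `flush_expired` helper that deletes rows whose `expires_at` has passed:

```python
import sqlite3
import uuid
from datetime import datetime, timedelta, timezone

def build_db(n_tokens, now):
    """Constructed stand-in for the token table: unique jti, every other row expired."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE outstanding_token ("
        " id INTEGER PRIMARY KEY, jti TEXT UNIQUE, token TEXT, expires_at TEXT)"
    )
    rows = []
    for i in range(n_tokens):
        delta = timedelta(days=1) if i % 2 else timedelta(days=-1)
        rows.append((uuid.uuid4().hex, f"constructed-token-{i}", (now + delta).isoformat()))
    db.executemany(
        "INSERT INTO outstanding_token (jti, token, expires_at) VALUES (?, ?, ?)", rows
    )
    db.commit()
    return db, rows[0][0]

def query_plan(db, column, value):
    """Return the planner's description of a single-row lookup on `column`."""
    if column not in ("jti", "token"):  # fixed allow-list, never user input
        raise ValueError(column)
    sql = f"EXPLAIN QUERY PLAN SELECT id FROM outstanding_token WHERE {column} = ?"
    return " ".join(row[3] for row in db.execute(sql, (value,)))

def flush_expired(db, now):
    """Hypothetical cleanup: delete expired rows and return how many were removed."""
    cur = db.execute(
        "DELETE FROM outstanding_token WHERE expires_at <= ?", (now.isoformat(),)
    )
    db.commit()
    return cur.rowcount

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    db, jti = build_db(10_000, now)
    # Unique column: the planner reports an index SEARCH.
    print("by jti:  ", query_plan(db, "jti", jti))
    # Non-indexed column: the planner reports a full table SCAN.
    print("by token:", query_plan(db, "token", "constructed-token-0"))
    print("flushed: ", flush_expired(db, now))
```

On PostgreSQL the equivalent check is `EXPLAIN` on the same two queries, where the unique `jti` lookup should show an index scan.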
