feat: clean up session on janitor run

persistence/sql/persister_consent.go

@@ -447,8 +447,9 @@ func (p *Persister) FlushInactiveLoginConsentRequests(ctx context.Context, notAf
 	var cr consent.ConsentRequest
 	var crh consent.HandledConsentRequest
 
-	return p.transaction(ctx, func(ctx context.Context, c *pop.Connection) error {
+	var ls consent.LoginSession
 
+	return p.transaction(ctx, func(ctx context.Context, c *pop.Connection) error {
 		// Delete all entries (and their FK)
 		// where hydra_oauth2_authentication_request were timed-out or rejected
 		// - hydra_oauth2_authentication_request_handled
@@ -517,6 +518,32 @@ func (p *Persister) FlushInactiveLoginConsentRequests(ctx context.Context, notAf
 			time.Now().Add(-p.config.ConsentRequestMaxAge()),
 			notAfter).Exec()
 
+		if err != nil {
+			return sqlcon.HandleError(err)
+		}
+
+		err = p.Connection(ctx).RawQuery(fmt.Sprintf(`
+			DELETE
+			FROM %[1]s
+			WHERE NOT EXISTS
+				(
+				SELECT NULL
+				FROM %[2]s
+				WHERE %[2]s.login_session_id = %[1]s.id
+				)
+			AND NOT EXISTS
+				(
+				SELECT NULL
+				FROM %[3]s
+				WHERE %[3]s.login_session_id = %[1]s.id
+				)
+			AND authenticated_at < ?
+			`,
+			(&ls).TableName(),
+			(&lr).TableName(),
+			(&cr).TableName()),
+			notAfter).Exec()
+
 		return sqlcon.HandleError(err)
 	})
 }