Describe the bug

Environment details.
Keycloak : version 15
Database : MySQL Aurora Serverless v1
USER_ENTITY Size: 30 million + rows
OFFLINE_CLIENT_SESSION Size : 10 million + rows

Problem Statement:
When a DELETE USER api is used to delete a user. It looks like following SQL query is executed to delete offline session details from OFFLINE_CLIENT_SESSION table.

This query uses IN subquery, due to which MySQL ignores the indexes on the table.

It can be seen that the query takes more than 6 minutes to complete. During this duration, this can cause some database table locking, which would result in failure of issuing tokens or updating the refresh time of the session in the table.

The queries when ran independently (without subquery) runs within few milliseconds.

Suggested approach:
If instead of using a sub-query, if the two queries are executed separately. i.e.
a. Get the session IDs using the Select query first
b. Run the delete query with result set of 'a'. Then this can speed up the deletions to a very large extent.

I believe this should be a small change and can help to improve the performance to a great extent.

Version

15

Expected behavior

On the call of Delete User, the Delete user should be completed quickly and should not time out or take time like 300+ seconds.

Actual behavior

The delete user operation times out or take large time for completion.

How to Reproduce?

Try deleting the user from a Keycloak when Offline sessions are enabled and the table has more than 1 million rows.

Anything else?

No response