Is this N possible hits to the database or just one?

@stelewis-redhat thank you for the review. I am not following your question. Could you please elaborate a little bit?

I think my mental model of the data is wrong, after thinking about this a bit more.

If this gets called in a loop, "removeAuthenticateClientSession" does something like "delete from blah where blah_id=id" which is fine. In the SQL world, one could optimize a little by "delete from blah where blah_id in (id1, id2)" which isn't really possible, since HotRod isn't the SQL world.

In sum: nevermind.

This is a correct suggestion, however, it is not applicable in current context.

What is happening here is the following:
If we have one user session (U1) that has 3 client sessions (C1, C2, C3). The user session entity contains 3 references to each client sessions.

In JSON form It would be something like this:

"U1": {
    // ..........
    clientSessions: [C1.id, C2.id, C3.id],
    // ..........
    }

Now, when any of the client sessions expire, they are removed from cache. However, the reference in the U1 is still there. Therefore, when Keycloak loads client sessions for U1, we need to check each client session whether it still exists, that is what we are doing on line 82 (this was done also prior to this PR). However, we also need to clean that reference from the U1 (which is added in this PR), otherwise it is still present in Infinispan and can cause some trouble.

So in this loop we are calling delete for each client session we find out is missing (it is already removed from Infinispan). What are doing is basically removing ids from the Set within U1 and at the end of the transaction we call replace on whole U1 entity.

ok great. That is helpful! Thanks @mhajas

I noticed that exists method now defaults to "read by id". Shouldn't we override exists method in NoActionHotRodTransactionWrapper?

we should, I created a new issue for that: #19196