The DatabaseIDCache class includes a DeleteExpiredPriorToAdd Boolean property.
The DatabaseIDCache stores IDs (e.g., SAML assertion IDs) in a cache implemented using a database.
This cache of IDs is used by the SAML class library to detect and report potential SAML assertion replay attacks.
In a web farm deployment, this cache should be maintained in a central location such as a database. The DatabaseIDCache provides this implementation.
In a single-server deployment, the default in-memory cache, InMemoryIDCache, may be used.
The DatabaseIDCache.DeleteExpiredPriorToAdd property specifies whether any expired IDs stored in the database should be deleted prior to adding a new ID. Expired entries should be removed from the database periodically to reduce storage usage. One approach is to do this on each add by setting DatabaseIDCache.DeleteExpiredPriorToAdd to true. Another approach is to call the DatabaseIDCache.DeleteExpired method on a periodic basis (e.g., as part of database maintenance or at application startup time). The choice is left to you.
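
The two clean-up approaches described above, modelled as an added example in Python with SQLite. This is not the SAML class library's code: SqliteIDCache, its table layout, the IDs and the timestamps are assumptions constructed for illustration.

```python
import sqlite3


class SqliteIDCache:
    """Hypothetical stand-in for a database-backed ID cache (not the library's code)."""

    def __init__(self, conn, delete_expired_prior_to_add=False):
        self.conn = conn
        self.delete_expired_prior_to_add = delete_expired_prior_to_add
        # PRIMARY KEY makes the duplicate check atomic across web farm nodes.
        conn.execute("CREATE TABLE IF NOT EXISTS saml_ids "
                     "(id TEXT PRIMARY KEY, expires_at REAL NOT NULL)")

    def delete_expired(self, now):
        """Remove entries whose expiry has passed; returns rows deleted."""
        cur = self.conn.execute("DELETE FROM saml_ids WHERE expires_at <= ?", (now,))
        self.conn.commit()
        return cur.rowcount

    def add(self, saml_id, expires_at, now):
        """Return True if the ID is new, False if already cached (possible replay)."""
        if self.delete_expired_prior_to_add:
            self.delete_expired(now)
        try:
            with self.conn:  # commit on success, roll back on error
                self.conn.execute("INSERT INTO saml_ids VALUES (?, ?)", (saml_id, expires_at))
            return True
        except sqlite3.IntegrityError:
            return False

    def row_count(self):
        return self.conn.execute("SELECT COUNT(*) FROM saml_ids").fetchone()[0]


def demo():
    """Run the same constructed traffic through both clean-up strategies."""
    results = {}
    for purge_on_add in (True, False):
        cache = SqliteIDCache(sqlite3.connect(":memory:"), purge_on_add)
        first = cache.add("_id-1", expires_at=300, now=0)     # accepted
        replay = cache.add("_id-1", expires_at=300, now=10)   # same ID again
        cache.add("_id-2", expires_at=900, now=600)           # _id-1 has expired
        rows_before = cache.row_count()
        purged = cache.delete_expired(now=600)                # periodic maintenance
        results[purge_on_add] = (first, replay, rows_before, purged)
    return results


if __name__ == "__main__":
    print(demo())
```

Both settings report the repeated ID; they differ only in how many expired rows remain in the table until the periodic purge runs.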