Delete old users?

Vote:
 

[For this project, we are using EPiServer Commerce 7.12.0]

Hi,

Every time a cart is created, an anonymous user is also created in the commerce database (not the CMS database). I'd like to remove the users belonging to since-long deleted unused carts and old purchase orders, i.e. I don't want to remove all users there ("there" being the aspnet_* tables in the commerce database).

Since they are created in the commerce database, I can't use Membership to retrieve them, and CustomerContext.Current.GetAllContacts() only seem to retrieve users/contacts from the CMS database and not the commerce database.

Is there a way of retrieving those users and deleting them?

So far I have about 20 million anonymous users in the commerce database, and I want to delete the ones created more than 180 days ago.

#189569
Edited, Mar 20, 2018 17:14
Vote:
 

I know I can do it directly in SQL, but I'm wondering if there is a way of doing it in code.

#189570
Mar 20, 2018 17:20
Vote:
 

Hi,

There is no builtin function to delete old users (IIRC then you can't even delete users, let alone do it in batch. You can delete contacts, but not users). If your purpose of doing that would be performance, then upgrading to latest version will yield much better return on investment.

If you do it for GDPR compliance then it can be much trickier. I'd suggest to contact our develop support for that.

#189603
Mar 21, 2018 10:24
Vote:
 

It's not really a problem, but I like to keep a clean system :)

Those 20 million users consume about 11 GB of storage in the database, and it feels a bit wasteful to keep all those anonymous users when they aren't used for anything (users never log in to the commerce part of the site, so there should hopefully not be any personal information connected to those users (the shipping info should only be stored on the cart/purchase order)).

#189628
Mar 21, 2018 14:13
Vote:
 

Hi Quan,

For GDPR purposes, how would you recommend deleting users to keep in line with the right to be forgotten?

#198669
Nov 02, 2018 11:45
Vote:
 

I'm not an GDPR expert - far from it - but what I understand is that you can just delete that contact and that should be enough. The orders are "financial contracts" and therefore are exempted from GDPR rules. But again don't take my words for granted.

#198670
Nov 02, 2018 11:53
Vote:
 

Thanks a lot. Will investigate a bit further, but it's already a good lead. have a gr8 friday!

#198673
Nov 02, 2018 12:01
Vote:
 

Financial records are (at least in Sweden and Denmark) regulated by different laws which override GDPR. In Sweden you must keep the financial records for 7 years, and in Denmark 5 years, so you are legally obligated to keep those records for that amount of time.

An important thing a lot of people forget is that they also have to erase personal information from log files, which means that if a customers sends a "Right to be Forgotten", you have to erase their information from log4net (or other logging solution) logs as well.

I use Serilog for most of our logging (logging to a database), and tag each entry with something I can use to find the log entries with (such as an order number, or an e-mail address), and then finding log entries to remove is quite easily done.

#198674
Nov 02, 2018 12:03
Vote:
 

Thanks for the extra info Patrick. Will keep that in mind. have a good one!

#198676
Nov 02, 2018 12:17
Vote:
 

Hi again guys,

UserManager<>.Delete(user) works fine. Contact is succesfully deleted from the cms.

However, i am using CustomerContext.CurrentContact.DeleteCustomerContactOnly(); to delete contact from the commerce db, but nothing seems to happen.


Is there something that I am missing regarding deleting users from commerce?

Regards,

Rui Vaz

#198841
Edited, Nov 07, 2018 15:09
Vote:
 

I would suggest to go with DeleteWithAllDependents. It only deletes contact-related information (billing address, etc.) It does not delete the orders associated 

#198850
Nov 07, 2018 15:32
Vote:
 

That was the first one i tried. Nothing happened either :/ i suppose i am missing something. not sure what tho.

#198851
Nov 07, 2018 15:34
Vote:
 

It does not delete the users, it deletes the current contact. If you go to this 

and the contact disappears then it worked

#198856
Nov 07, 2018 15:41
Vote:
 

Thanks!

Yes i am aware. But contact doesn't disappear from that table :) Maybe I have to log out user after deleting? I know that a user is created in the commerce db upon first login. Maybe if he's still logged in after deletion he is recreated?

#198858
Edited, Nov 07, 2018 15:44
Vote:
 

Do you have a feature that allows customers to delete their own contact information? 

It seems to me this is a cache problem. Does it disappear if you IIS reset? If you actually looked into db then ... is there anything in log?

#198859
Nov 07, 2018 15:50
Vote:
 

Hi Quan.

Yes i am. Goal is to be in compliance with GDPR right to be forgotten. Do you suggest a different approach?

I can confirm that if i sign out user after deleting it from commerce, it is removed from the commerce db.

#198862
Nov 07, 2018 20:58
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.