File uploads end up in the directory temp. Files should never grow old in this directory: any file that is older than a few minutes is with high probability the product of a failed order creation, and can be removed.

When an upload is complete, the file is moved to the designated file storage location on disk. This location is configured using two global config parameters:

• fileDirectory: the directory where all files are stored
• documentLocationId: an integer that identifies a particular storage location, and must be changed every time the fileDirectory changes. If fileDirectory is changed without a new, unique documentLocationId, the system will refuse to create new orders.  

If the designated file storage location is changed, it will not have any retroactive effects on existing orders. It is thus possible to change file store without moving existing files.

Order creation:

1. The file is uploaded to the directory temp
2. A document entry is created in the database, containing designated disk location and status (not assigned).
3. The file is moved to the designated disk location
4. When the order entry has been created in the database, the document status is updated (assigned to order)

Document signing:

1. The signed file is downloaded from the Signing Service to the directory temp 
2. A document entry is created in the database, containing designated disk location and status (not assigned).
3. The file is moved to the designated disk location
4. The document currently assigned to the order is un-assigned and the new document takes its place

The documents stored in the file area can automatically be removed by activating the document retention function. As documents are permanently deleted from the file area it is very important to have a backup scheme in place for recovery and rollback.

The function can be activated by setting the configuration parameter "documentRetention.enabled" to true and restarting the application.

Note that if the file area contains many documents the initial time for a full clean up can take some time. Activation is best done outside office hours and the file area and log files should be monitored for any problems.

The clean up job is executed every minute (53sec) and checks for expired documents according to the configuration parameters. At the most 100 documents are deleted every cycle.

The document age policy can be configured for two types of document states.

Configuration parameters:
"inactiveDocumentAge": All documents that are in an intermediate state or the corresponding order is in state Rejected, Canceled or Expired.
"completedDocumentAge": All documents for orders that are in state Accepted/Completed.

Note that ongoing (Pending) documents are never deleted by this function.

In the case of file area, database corruption or change in retention age policy to retrieve old documents, the documents can be rolled back by the following procedure:

1. Stop the application
2. Restore the files from backup to the file area.
3. Optionally change or disable document retention while investigating root causes.
4. Run SQL command: UPDATE documents SET file_state = 0
5. Start the application

When the periodic schedule is activated again the documents will be deleted according to (new) settings.