Commit aca57c5d authored by Frédéric Mangano-Tarumi's avatar Frédéric Mangano-Tarumi Committed by Lukas Fleischer
Browse files

Remove the per-user session limit

This feature was originally introduced by
f961ffd9 as a fix for FS#12898
<https://bugs.archlinux.org/task/12898

>.

As of today, it is broken because of the `q.SessionID IS NULL` condition
in the WHERE clause, which can’t be true because SessionID is not
nullable. As a consequence, the session limit was not applied.

The fact the absence of the session limit hasn’t caused any issue so
far, and hadn’t even been noticed, suggests the feature is unneeded.
Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <lfleischer@archlinux.org>
parent 71740a75
......@@ -13,7 +13,6 @@ passwd_min_len = 8
default_lang = en
default_timezone = UTC
sql_debug = 0
max_sessions_per_user = 8
login_timeout = 7200
persistent_cookie_timeout = 2592000
max_filesize_uncompressed = 8388608
......
......@@ -596,21 +596,6 @@ function try_login() {
/* Generate a session ID and store it. */
while (!$logged_in && $num_tries < 5) {
$session_limit = config_get_int('options', 'max_sessions_per_user');
if ($session_limit) {
/*
* Delete all user sessions except the
* last ($session_limit - 1).
*/
$q = "DELETE FROM Sessions ";
$q.= "WHERE UsersId = " . $userID . " ";
$q.= "AND SessionID NOT IN (SELECT SessionID FROM Sessions ";
$q.= "WHERE UsersID = " . $userID . " ";
$q.= "ORDER BY LastUpdateTS DESC ";
$q.= "LIMIT " . ($session_limit - 1) . ")";
$dbh->query($q);
}
$new_sid = new_sid();
$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)"
." VALUES (" . $userID . ", '" . $new_sid . "', " . strval(time()) . ")";
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment