> Ross Berteig: > I should be possible to support more than one session cookie per > user, but then you would need a process to occasionally purge > stale sessions from the server. You could do that check on any > session validation, if its been long enough since the last check. > Or at least check a few sessions on each validation if that is > expensive to do en masse.
Yeah I was thinking the same thing. If you don't want it to become unbounded, add a configuration parameter to determine how many parallel sessions any given user can have with a sane default (possibly even 1, thus not changing the current behavior). I doubt (without measurements, which, of course, always is dangerous) that it would become expensive to do this (at least in comparison to all the other operations fossil is doing on the DB!), and I also, speaking as a user now, would enjoy having multiple log-ins available. That being said, I think the part where the IP is being woven into the hash should stay. Regards, -Martin _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users