summaryrefslogtreecommitdiffstats
path: root/web/lib
diff options
context:
space:
mode:
authorFrédéric Mangano-Tarumi <fmang@mg0.fr>2020-07-29 13:46:10 +0200
committerLukas Fleischer <lfleischer@archlinux.org>2021-02-20 17:25:19 +0100
commit87815d37c078c315ac3254741973cfba2bfccace (patch)
treec173ff4034ed7e462cd1d74eae84d76abc9950f2 /web/lib
parentbe31675b6589e66c8b10a64b44591b594d2eb735 (diff)
downloadaur-87815d37c078c315ac3254741973cfba2bfccace.tar.gz
aur-87815d37c078c315ac3254741973cfba2bfccace.tar.xz
Remove the per-user session limit
This feature was originally introduced by f961ffd9c7f2d3d51d3e3b060990a4fef9e56c1b as a fix for FS#12898 <https://bugs.archlinux.org/task/12898>. As of today, it is broken because of the `q.SessionID IS NULL` condition in the WHERE clause, which can’t be true because SessionID is not nullable. As a consequence, the session limit was not applied. The fact the absence of the session limit hasn’t caused any issue so far, and hadn’t even been noticed, suggests the feature is unneeded. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'web/lib')
-rw-r--r--web/lib/acctfuncs.inc.php15
1 files changed, 0 insertions, 15 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index b3822eaf..bc603d3b 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -596,21 +596,6 @@ function try_login() {
/* Generate a session ID and store it. */
while (!$logged_in && $num_tries < 5) {
- $session_limit = config_get_int('options', 'max_sessions_per_user');
- if ($session_limit) {
- /*
- * Delete all user sessions except the
- * last ($session_limit - 1).
- */
- $q = "DELETE FROM Sessions ";
- $q.= "WHERE UsersId = " . $userID . " ";
- $q.= "AND SessionID NOT IN (SELECT SessionID FROM Sessions ";
- $q.= "WHERE UsersID = " . $userID . " ";
- $q.= "ORDER BY LastUpdateTS DESC ";
- $q.= "LIMIT " . ($session_limit - 1) . ")";
- $dbh->query($q);
- }
-
$new_sid = new_sid();
$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)"
." VALUES (" . $userID . ", '" . $new_sid . "', " . strval(time()) . ")";