diff options
-rw-r--r-- | aurweb/routers/sso.py | 2 | ||||
-rw-r--r-- | conf/config.defaults | 1 | ||||
-rw-r--r-- | web/lib/acctfuncs.inc.php | 15 |
3 files changed, 1 insertions, 17 deletions
diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py index 2e4fbacc..73c884a4 100644 --- a/aurweb/routers/sso.py +++ b/aurweb/routers/sso.py @@ -56,7 +56,7 @@ def open_session(request, conn, user_id): raise HTTPException(status_code=403, detail=_('Account suspended')) # TODO This is a terrible message because it could imply the attempt at # logging in just caused the suspension. - # TODO apply [options] max_sessions_per_user + sid = uuid.uuid4().hex conn.execute(Sessions.insert().values( UsersID=user_id, diff --git a/conf/config.defaults b/conf/config.defaults index 49259754..98e033b7 100644 --- a/conf/config.defaults +++ b/conf/config.defaults @@ -13,7 +13,6 @@ passwd_min_len = 8 default_lang = en default_timezone = UTC sql_debug = 0 -max_sessions_per_user = 8 login_timeout = 7200 persistent_cookie_timeout = 2592000 max_filesize_uncompressed = 8388608 diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index b3822eaf..bc603d3b 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -596,21 +596,6 @@ function try_login() { /* Generate a session ID and store it. */ while (!$logged_in && $num_tries < 5) { - $session_limit = config_get_int('options', 'max_sessions_per_user'); - if ($session_limit) { - /* - * Delete all user sessions except the - * last ($session_limit - 1). - */ - $q = "DELETE FROM Sessions "; - $q.= "WHERE UsersId = " . $userID . " "; - $q.= "AND SessionID NOT IN (SELECT SessionID FROM Sessions "; - $q.= "WHERE UsersID = " . $userID . " "; - $q.= "ORDER BY LastUpdateTS DESC "; - $q.= "LIMIT " . ($session_limit - 1) . ")"; - $dbh->query($q); - } - $new_sid = new_sid(); $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)" ." VALUES (" . $userID . ", '" . $new_sid . "', " . strval(time()) . ")"; |