Been thinking about this more, and this actually would lend itself WELL as a form of 'dynamic rate limiting' where we scale down the rate for requests if they log in/log out several times:
scale down the amount of requests they can make
scale down the time in which they can make these requests.
People may attempt login/logout to attempt to bypass functionality.
This is an immediate flag for attempted hacking.
If we add a rate limit to login attempts, this will help reduce attempts.
for example:
so ...
We store 'lockTime' & 'numberofoccurences' as with User domain. We can add ROLES that bypass the check (i.e. ROLE_TEST, ROLE_ADMIN).
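
Added example, not part of the original comment or the project's code: a Python sketch of the dynamic rate limit described above, with the request quota halving and the lock doubling each time login/logout churn is detected. The thresholds, the halving/doubling policy, the function names and the reading of 'lockTime' as a locked-until timestamp are all assumptions; only the two stored fields and the bypass roles come from the comment.

```python
from dataclasses import dataclass, field

# Assumed tuning values; the comment does not specify any numbers.
BASE_LIMIT = 100       # requests allowed per window for a clean account
CHURN_THRESHOLD = 3    # login/logout events tolerated inside CHURN_WINDOW
CHURN_WINDOW = 300     # seconds over which login/logout events are counted
BASE_LOCK = 60         # seconds locked after the first occurrence
BYPASS_ROLES = {"ROLE_TEST", "ROLE_ADMIN"}  # roles named in the comment

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    lock_time: float = 0.0   # 'lockTime': account is locked until this timestamp
    occurrences: int = 0     # 'numberofoccurences': times churn was detected
    auth_events: list = field(default_factory=list)  # recent login/logout times

def record_auth_event(user, now):
    """Call on every login or logout. Returns True if this event locked the user."""
    if user.roles & BYPASS_ROLES:
        return False
    # Keep only events inside the sliding window, then add this one.
    user.auth_events = [t for t in user.auth_events if now - t < CHURN_WINDOW]
    user.auth_events.append(now)
    if len(user.auth_events) > CHURN_THRESHOLD:
        user.occurrences += 1
        # Lock duration doubles with each repeat occurrence.
        user.lock_time = now + BASE_LOCK * 2 ** (user.occurrences - 1)
        user.auth_events.clear()
        return True
    return False

def request_limit(user):
    """Per-window quota: halves with every recorded occurrence, never below 1."""
    if user.roles & BYPASS_ROLES:
        return BASE_LIMIT
    return max(1, BASE_LIMIT >> user.occurrences)

def allow_request(user, used_in_window, now):
    """Decide whether one more request is allowed at time `now`."""
    if user.roles & BYPASS_ROLES:
        return True
    if now < user.lock_time:
        return False
    return used_in_window < request_limit(user)
```
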