inureyes
commented
10 years ago Currently, session timeout does not work for spammers: session update timer (for garbage collection) is refreshed when the same user (IP/session) tries to reconnect.
Open inureyes opened 10 years ago
inureyes
commented
10 years ago Currently, session timeout does not work for spammers: session update timer (for garbage collection) is refreshed when the same user (IP/session) tries to reconnect.
inureyes
commented
10 years ago Session time extension is intended behavior. However we also keep the spammers' sessions. Any idea?
Currently, comment addition route automatically create anonymous session if no session is found. However, comment by human interaction should have pre-assigned session. Also, too many anonymous sessions could make session handler congestion. We need solutions for that.