Session management (wodWebServer / wodWebServer.NET)
Our application protects against denial of service attacks by monitoring the number of active sessions for all users.
There seems to be no way to do this. The SessionExpire event has a Sessions object but it seems to be the same as sessionvars for the current session.
We also destroy sessions corresponding with invalid requests and there seems to be no way to do that either. We can remove all session variables for a session; is that equivalent?
Complete thread:
- Session management - rickadams, 2022-01-31, 16:31
- Session management - wodSupport, 2022-02-01, 00:51