Session management - WeOnlyDo Discussion board

Session management (wodWebServer / wodWebServer.NET)

by rickadams, Monday, January 31, 2022, 16:31 (489 days ago)

Our application protects against denial of service attacks by monitoring the number of active sessions for all users.

There seems to be no way to do this. The SessionExpire event has a Sessions object but it seems to be the same as sessionvars for the current session.

We also destroy sessions corresponding with invalid requests and there seems to be no way to do that either. We can remove all session variables for a session; is that equivalent?

Session management

by wodSupport, Tuesday, February 01, 2022, 00:51 (489 days ago) @ rickadams


In theory yes, you can simply remove all variables since that makes your session.