You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix: Accurate session count to avoid constant upward drift (#1348)
* fix: Accurate session count to avoid constant upward drift
The register handler incremented the session counter before `SetIDPublicKey` could fail, leaking +1 on duplicate IDs or bad keys. Now only incremented after successful registration.
The deregister handler decremented the counter before validating the request, leaking -1 on malformed or unauthorized requests. Removed the explicit decrement entirely (handled in logic below).
Cache eviction and TTL expiry silently removed sessions without decrementing the counter, causing monotonic growth. Unified all session decrements into a single cache removal callback that fires on deregistration, eviction, and cache close, filtering to only count entries with a SecretKey (true client sessions).
session_total was added as a metric so that even short lived sessions can be viewed in the metrics.
* address review nits in session-tracking tests
---------
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
0 commit comments