This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Configuration to limit the number of active devices a single user may have #16064
Labels
S-Minor
Blocks non-critical functionality, workarounds exist.
T-Enhancement
New features, changes in functionality, improvements in performance, or user-facing enhancements.
Comments
When this has come up in the past the issue we've come to is -- what do you do if you hit the limit but don't have any active sessions? |
|
I suppose an alternative is we tell the user they can prune a device of their choosing to log in their current session, but it leaves you a bit stuck because you need a valid access token in order to even do that. Although maybe not. The error prompts you to kill a session, with a list of sessions. The https://spec.matrix.org/latest/client-server-api/#delete_matrixclientv3devicesdeviceid API already takes an IUA, so you just complete that. You still need to provide an access token to that endpoint apparently, but I'm wondering why. |
erikjohnston
added
S-Minor
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description:
Currently, the number of devices a single user can have is unbounded. This can start to cause performance concerns, especially when things involving inter-device messaging are concerned. It would be good to allow service providers the option to set a hard cap on the number of devices a user can have (prompting them to log out of older devices that may not be in use).
When a user hits their caps, I'd expect new /login attempts to be blocked.
I suspect this kind of thing will need a spec of some kind, at the very minimum a new error code to describe the the failure.
EDIT: Oh and if it wasn't clear, this is primarily for the non-federated use case. Obviously some person could join your room with several hundred devices and ruin things, but small steps etc.
The text was updated successfully, but these errors were encountered: