This repository has been archived on 2026-03-10. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Torjus Håkestad 684baf63da security: add maximum session limit to prevent memory exhaustion ...

Add configurable MaxSessions limit (default: 10000) to SessionStore.
When the limit is reached, new session creation returns ErrTooManySessions
and HTTP transport responds with 503 Service Unavailable.

This prevents attackers from exhausting server memory by creating
unlimited sessions through repeated initialize requests.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-03 22:07:51 +01:00

19 KiB

Raw Blame History

View Raw