In sessions.php the max logins is retrieved as:
, and in phpBBXS it was
Unless I'm wrong, never in phpBBXS or Icy has there been any configuration option in ACP to change this value. The only way is through phpmyadmin! Could somebody else check this in case I'm going mad!
The default value is 20, which is quite large number of logins to record for the same user (I think pentapenguin even had it set to 45 originally!) - I mean, if you had 100 users, then thats 2000 rows of login data, all of which is not very helpfully stored in the first place- I mean, if a user repeatedly logs in from the same IP, then its not so useful to know all the times he's logged in from the same IP, as it is if suddenly the user logs in from many different IPs (and thus a likely account hack). As it stands, the mod will remove any old login once the $max_logins is exceeded, and does not differentiate between existing IPs when it inserts data. To demonstrate this last point, here is the lines in session.php where logins are inserted:
$sql = "INSERT INTO " . LOGINS_TABLE . "
(login_id, login_userid, login_ip, login_user_agent, login_time)
VALUES (NULL, $user_id, '$user_ip', '$user_agent', $current_time)";
(login_id, login_userid, login_ip, login_user_agent, login_time)
VALUES (NULL, $user_id, '$user_ip', '$user_agent', $current_time)";
The same can also be said of the phpbb_sessions table, the majority of which is redundant data that should be deleted automatically when the session handler detects it has expired - so far session data is only removed if the user logs out, via session_end(). What is required is for a mod to check the age of sessions, and if they are older than the board_config session time, they are automatically delete, and thus result in a much smaller session table that makes logging in/out much quicker. Since this should maintain a compact sessions table, nobody should experience any overhead from the sessions table being trimmed of expired sessions, unless some strange circumstance that the entire board membership decides to log in numerous times and leave their browsers open / have cookies disabled etc... which is not that likely ;)
An interesting topic from phpbb on this, and potential way to speed up your site:
http://www.phpbb.com/community/view...&st=0&sk=t&sd=a
Which leads me to conclude we should also be creating the sessions table as a HEAP table in the first place (indeed, we could make a lightning system if we had parallel table sets, one set which was myisam/innodb and another as HEAP, and changed the way the scripts work so that data is stored in both, but read from HEAP tables, and if there is a MYSQL crash, the data from the myisam/innodb is repopulated into the HEAP tables - of course it would be a bit of work... but all data would be called from RAM, which would make it lighting compared to cached the sql in files on disk!)
Anyway, a possibility for a mod or two here, for the benefit of mankind... but importantly, a configuration parameter which can't be configured from ACP... :?