Comment on why we special-case 'only violation is too-many-sessions'

2025-12-01 11:47:37 +00:00
parent 65b7cdc409
commit a59d38fc0b
1 changed files with 10 additions and 0 deletions
--- a/crates/handlers/src/compat/login.rs
+++ b/crates/handlers/src/compat/login.rs
@@ -593,6 +593,11 @@ async fn token_login(
        })
        .await?;
    if !res.valid() {
+        // If the only violation is that we have too many sessions, then handle that
+        // separately.
+        // In the future, we intend to evict some sessions automatically instead. We
+        // don't trigger this if there was some other violation anyway, since that means
+        // that removing a session wouldn't actually unblock the login.
        if res.violations.len() == 1 {
            let violation = &res.violations[0];
            if violation.code == Some(ViolationCode::TooManySessions) {
@@ -721,6 +726,11 @@ async fn user_password_login(
        })
        .await?;
    if !res.valid() {
+        // If the only violation is that we have too many sessions, then handle that
+        // separately.
+        // In the future, we intend to evict some sessions automatically instead. We
+        // don't trigger this if there was some other violation anyway, since that means
+        // that removing a session wouldn't actually unblock the login.
        if res.violations.len() == 1 {
            let violation = &res.violations[0];
            if violation.code == Some(ViolationCode::TooManySessions) {