From a59d38fc0b53e424d2bdf0eaf888a3227df176e7 Mon Sep 17 00:00:00 2001
From: Olivier 'reivilibre <oliverw@matrix.org>
Date: Mon, 1 Dec 2025 11:47:37 +0000
Subject: [PATCH] Comment on why we special-case 'only violation is
 too-many-sessions'

---
 crates/handlers/src/compat/login.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/crates/handlers/src/compat/login.rs b/crates/handlers/src/compat/login.rs
index 0fbcf5e0f..9f10d0373 100644
--- a/crates/handlers/src/compat/login.rs
+++ b/crates/handlers/src/compat/login.rs
@@ -593,6 +593,11 @@ async fn token_login(
         })
         .await?;
     if !res.valid() {
+        // If the only violation is that we have too many sessions, then handle that
+        // separately.
+        // In the future, we intend to evict some sessions automatically instead. We
+        // don't trigger this if there was some other violation anyway, since that means
+        // that removing a session wouldn't actually unblock the login.
         if res.violations.len() == 1 {
             let violation = &res.violations[0];
             if violation.code == Some(ViolationCode::TooManySessions) {
@@ -721,6 +726,11 @@ async fn user_password_login(
         })
         .await?;
     if !res.valid() {
+        // If the only violation is that we have too many sessions, then handle that
+        // separately.
+        // In the future, we intend to evict some sessions automatically instead. We
+        // don't trigger this if there was some other violation anyway, since that means
+        // that removing a session wouldn't actually unblock the login.
         if res.violations.len() == 1 {
             let violation = &res.violations[0];
             if violation.code == Some(ViolationCode::TooManySessions) {