Issue description
When a user logs in by ticket, it currently creates a new session every time. When the ticket is already associated with a session, it should not create a new one. This prevents session flooding by lazy programmatic access.
Developer comments
Instead of the originally propose reusing of the session, there is now stateless tickets. These create a topincs session (for the request to be processed correctly and the user to be known to Topincs), but does not create a PHP session nor set a cookie on the response since the programmer of the remote HTTP request did anyway not reacting to it.
|
Work sessions
Start |
2019-07-24T10:50:41
|
End |
2019-07-24T13:48:30
|
Participant |
Robert Cerny
|
|