@inureyes
Member

Summary

Implements session management features including per-user session limits, idle timeout detection, and session tracking.

Changes

  • SessionConfig: Configurable session limits

    • max_sessions_per_user: Limit concurrent sessions per user (default: 10)
    • max_total_sessions: Limit total concurrent sessions (default: 1000)
    • idle_timeout: Duration for idle detection (default: 1 hour)
    • session_timeout: Optional maximum session duration
  • SessionManager enhancements:

    • Per-user session tracking with user_sessions HashMap
    • authenticate_session() with per-user limit enforcement
    • touch() for updating last activity timestamp
    • get_idle_sessions() for timeout detection
    • Session statistics and admin operations
  • SessionInfo activity tracking:

    • last_activity field for idle detection
    • idle_secs(), is_idle(), is_expired() methods
  • SSH handler integration:

    • Per-user session limit checking during authentication
    • Rejects authentication when user exceeds session limit
  • Configuration:

    • New fields: max_sessions_per_user, session_timeout_secs
    • session_config() helper for creating SessionConfig

Test plan

  • SessionConfig creation and builder pattern
  • Per-user session limit enforcement
  • Session authentication with user tracking
  • Session activity tracking (touch)
  • Idle session detection
  • Session removal updates user tracking
  • Session statistics
  • Admin operations (kill_session, kill_user_sessions)
  • All 972+ tests passing

Closes #142

- Add SessionConfig for configurable session limits:
  - max_sessions_per_user: Limit concurrent sessions per user
  - max_total_sessions: Limit total concurrent sessions
  - idle_timeout: Detect idle sessions
  - session_timeout: Optional maximum session duration

- Enhance SessionManager with per-user tracking:
  - user_sessions HashMap for tracking sessions by username
  - authenticate_session() method with per-user limit enforcement
  - touch() method for updating last_activity timestamp
  - get_idle_sessions() for timeout detection
  - get_stats() for session statistics
  - list_sessions() / list_user_sessions() for admin operations
  - kill_session() / kill_user_sessions() for forced disconnect

- Add SessionError and SessionStats types

- Enhance SessionInfo with activity tracking:
  - last_activity field for idle detection
  - idle_secs() and is_idle() methods
  - is_expired() for session timeout checks

- Integrate per-user limits in SSH handler:
  - Check per-user session limits during authentication
  - Reject authentication if user has too many sessions
  - Update SessionManager's user tracking on auth success

- Add session config to ServerConfig:
  - max_sessions_per_user field
  - session_timeout_secs field
  - session_config() helper method

- Comprehensive test coverage (30+ new tests)
- Fix HIGH: Race condition in Drop - add retry mechanism with
  exponential backoff to ensure session cleanup under lock contention

- Fix MEDIUM: Add input validation for SessionConfig - clamp
  max_sessions_per_user and max_total_sessions to minimum of 1
  to prevent misconfiguration that could deny all connections

- Add validate() method to SessionConfig for detecting potentially
  problematic configuration combinations

- Fix MEDIUM: Atomic ordering - change SessionId counter from
  Ordering::Relaxed to Ordering::SeqCst for stricter ordering
  guarantees and consistent logging

- Add tests for config validation and clamping behavior
- Fix code formatting issues (handler.rs, session.rs)
- Fix unused variable warning in test (s2 -> _s2)
- Add comprehensive session management documentation
- Document session_timeout configuration option
- Add session management API examples
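
An added sketch, not the project's own code, of the checks the description and commit messages above outline: limits clamped to a minimum of 1, per-user and total limits enforced at authentication, and idle detection from a last-activity timestamp. The type and method names echo the PR text, but every signature here is an assumption; it also keeps one map instead of a separate `user_sessions` index and takes `now` as a parameter so the behaviour is deterministic.

```rust
use std::collections::HashMap;
use std::sync::Mutex;
use std::time::{Duration, Instant};

// Hypothetical types: field names follow the PR description, signatures are assumed.
pub struct SessionConfig { max_sessions_per_user: usize, max_total_sessions: usize, idle_timeout: Duration }
impl SessionConfig {
    pub fn new(per_user: usize, total: usize, idle_timeout: Duration) -> Self {
        // Clamp to 1 so a zero limit cannot deny every connection.
        Self { max_sessions_per_user: per_user.max(1), max_total_sessions: total.max(1), idle_timeout }
    }
}
#[derive(Debug, PartialEq)]
pub enum SessionError { UserLimit, TotalLimit }
#[derive(Default)]
struct State { next_id: u64, sessions: HashMap<u64, (String, Instant)> } // id -> (user, last_activity)
pub struct SessionManager { cfg: SessionConfig, state: Mutex<State> }
impl SessionManager {
    pub fn new(cfg: SessionConfig) -> Self { Self { cfg, state: Mutex::new(State::default()) } }
    // Check and insert under one lock, so concurrent logins cannot both pass the check.
    pub fn authenticate_session(&self, user: &str, now: Instant) -> Result<u64, SessionError> {
        let mut st = self.state.lock().unwrap();
        if st.sessions.len() >= self.cfg.max_total_sessions { return Err(SessionError::TotalLimit); }
        let owned = st.sessions.values().filter(|(u, _)| u.as_str() == user).count();
        if owned >= self.cfg.max_sessions_per_user { return Err(SessionError::UserLimit); }
        st.next_id += 1;
        let id = st.next_id;
        st.sessions.insert(id, (user.to_string(), now));
        Ok(id)
    }
    pub fn touch(&self, id: u64, now: Instant) {
        if let Some(s) = self.state.lock().unwrap().sessions.get_mut(&id) { s.1 = now; }
    }
    pub fn remove(&self, id: u64) { self.state.lock().unwrap().sessions.remove(&id); }
    pub fn get_idle_sessions(&self, now: Instant) -> Vec<u64> {
        let st = self.state.lock().unwrap();
        let mut ids: Vec<u64> = st.sessions.iter()
            .filter(|(_, (_, last))| now.duration_since(*last) >= self.cfg.idle_timeout)
            .map(|(id, _)| *id).collect();
        ids.sort();
        ids
    }
}
fn main() {
    let m = SessionManager::new(SessionConfig::new(0, 1000, Duration::from_secs(3600)));
    let t0 = Instant::now();
    println!("{:?} {:?}", m.authenticate_session("alice", t0), m.authenticate_session("alice", t0));
}
```
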
@inureyes
Member Author

PR Finalization Report

Project Structure Discovered

  • Project Type: Rust (Cargo workspace)
  • Test Framework: cargo test
  • Documentation System: Markdown docs in docs/architecture/
  • Lint Tools: cargo fmt, cargo clippy

Checklist

Tests

  • Analyzed existing test structure (45+ tests in session.rs)
  • Verified all tests pass (967 tests passed)
  • No additional tests needed - comprehensive coverage exists

Documentation

  • Session management module has comprehensive doc comments
  • Updated docs/architecture/server-configuration.md with:
    • session_timeout configuration option documentation
    • New "Session Management" section with API examples
    • Session configuration, limits, timeouts documentation
    • Admin operations documentation
    • Configuration validation documentation

Code Quality

  • cargo fmt --check - Fixed formatting issues
  • cargo clippy -- -D warnings - Passes with no warnings
  • Fixed unused variable warning in test (s2 -> _s2)

Changes Made

  1. Fixed formatting issues in src/server/handler.rs (import line wrapping)
  2. Fixed formatting issues in src/server/session.rs (warning message formatting)
  3. Fixed unused variable warning in test_session_manager_get_stats test
  4. Added comprehensive session management documentation to docs/architecture/server-configuration.md:
    • Session configuration options with code examples
    • Session limits (per-user and total) documentation
    • Session timeouts (idle and max duration) documentation
    • Session activity tracking documentation
    • Session statistics API documentation
    • Admin operations documentation
    • Configuration validation documentation

Verification

All checks passing:

  • 967 tests passed
  • No clippy warnings
  • No formatting issues

Merge origin/main into feat/session-management-142.
Both branches added new builder methods - kept all three:
- scp_enabled (from main)
- max_sessions_per_user (from current branch)
- session_timeout_secs (from current branch)
@inureyes inureyes merged commit 0862853 into main Jan 24, 2026
1 of 2 checks passed
@inureyes inureyes deleted the feat/session-management-142 branch January 24, 2026 10:52
@inureyes inureyes self-assigned this Jan 24, 2026
@inureyes inureyes added priority:medium Medium priority issue status:done Completed type:enhancement New feature or request labels Jan 24, 2026

Development

Successfully merging this pull request may close these issues.

Implement session management and limits

2 participants