You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, anyone who has, or has guessed, the server url, can create a session.
Sure, the session is only a text buffer, but - if I am running a server, I don't want it
to be known as a free-for-all message exchange site.
Could we have this as an alternative (to be chosen when starting the server):
when the server is started (from the cmd line), a session is created,
no session can be created via GUI. (the "home page" does not need to exist.)
The server could then print the session token to stdout, this would make it easier to start the repl. In fact, in this mode of operation, the server could (optionally) start the repl.
The text was updated successfully, but these errors were encountered:
We can add a --single-session option to flok-web. As you mentioned, this would generate a unique session and only expose the /s/[session_id] route for that session only.
munshkr
changed the title
restrict session creation?
Restrict session creation
May 29, 2022
munshkr
changed the title
Restrict session creation
Restrict session creation (single-session mode)
May 29, 2022
Currently, anyone who has, or has guessed, the server url, can create a session.
Sure, the session is only a text buffer, but - if I am running a server, I don't want it
to be known as a free-for-all message exchange site.
Could we have this as an alternative (to be chosen when starting the server):
The server could then print the session token to stdout, this would make it easier to start the repl. In fact, in this mode of operation, the server could (optionally) start the repl.
The text was updated successfully, but these errors were encountered: