From 2985efb524c1f5835aef1df754e37059e6738ff3 Mon Sep 17 00:00:00 2001
From: Uli Schlachter <psychon@znc.in>
Date: Fri, 13 May 2011 18:19:08 +0200
Subject: [PATCH] Correctly handle excessive web sessions

The old code didn't actually destroy the session, but only made sure we couldn't
use it anymore. What a waste of memory.

This was tested by adding a DEBUG()-call to CWebSock::~CWebSock():

Before this patch:

 Page Request [/]
 Remote IP:   127.0.0.1; discarding session [ca104adaa54f933b6b8394e88e68ab0d22e0fc227ed23e93d1421e4d3fda8211]
 Auto generated session: [d40364e8d0a55432b86a1b2598865c2323e35cc6e77cade35b9a1b7605712ca6]

After this patch:

 Page Request [/]
 Remote IP:   127.0.0.1; discarding session [707e3b262fe47b93d8c796354574506c398cc5b5d84aa2972dc3d031d8f731f5]
 Destroying session [707e3b262fe47b93d8c796354574506c398cc5b5d84aa2972dc3d031d8f731f5, 127.0.0.1 for <unknown>
 Auto generated session: [47de1c82a8b6eaae54a9cc8c29163ab53ec2add7198cf1df7f80506ea1bda2b6]

Obviously, the destructor is only called after this change.

Signed-off-by: Uli Schlachter <psychon@znc.in>
---
 WebModules.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/WebModules.cpp b/WebModules.cpp
index 60e08431..d30f91e3 100644
--- a/WebModules.cpp
+++ b/WebModules.cpp
@@ -729,7 +729,7 @@ CSmartPtr<CWebSession> CWebSock::GetSession() {
 	if (Sessions.m_mIPSessions.count(GetRemoteIP()) > m_uiMaxSessions) {
 		mIPSessionsIterator it = Sessions.m_mIPSessions.find(GetRemoteIP());
 		DEBUG("Remote IP:   " << GetRemoteIP() << "; discarding session [" << it->second->GetId() << "]");
-		Sessions.m_mIPSessions.erase(it);
+		Sessions.m_mspSessions.RemItem(it->second->GetId());
 	}
 
 	CString sSessionID;