Hi, Could someone please explain the rationale behind calling DeleteQuery on the session database when an authentication packet is received? It makes no sense to me since the mere reception of an Authentication-Request is no indication that a session has ended. It also means it is potentially very easy for users to bypass simultaneous login limitations by simply making a faking a second PPP session with a bad password (or spoofing an Authentication-Request), which will cause their existing radonline entry to be deleted and allow the account to be used from anywhere else.
Is there any way to disable this behaviour without hacking the code? Eddie _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
