It seems there is no way to set a maximum size of events for a session window. This results in a security vulnerability. Example: I am recording all the user interaction events of a browser session. A malicious user can then generate hundreds of thousands or even millions of events, and cause out of memory errors on our backend.
I think Session Windows should have a way to stop the window from getting to an infinite size.
