XF Premium [DBTech] DragonByte Security 5.1.0 Patch Level 1

Update highlights

• This version fixes a regression from v5.0.x causing active forums to receive a MySQL error message saying "lock wait timeout exceeded".
• Additionally, further optimisations have been made to the session update code to improve performance.

Complete Change Log

• Fix: The isExpired check now uses the new settings
• Fix: Fix regression causing MySQL errors

Update highlights​

This version adds significant changes and performance improvements to the extended session handling.

You can now optionally enable extended session tracking but disable guest session tracking. This will significantly reduce the number of database rows if most of your visitors are guests. You can also entirely turn off extended session tracking. Turning this off will prevent users from seeing their sessions on the "Password and security" page.

Furthermore, an issue where three sessions could be created by a guest logging in has been resolved. A known issue remains: if someone sees the "You must be logged in to do that" login screen as their very first visit to your site, and they successfully log in from that page, a second session will be created (one for the guest visit and one for the logged-in visit).

Lastly, you can now adjust the expiry time for extended sessions for guests and logged in users separately. Previously, all sessions were hardcoded to expire in 30 days. The default expiry time for logged-in users is 30 days and 24 hours for guests.
Feature: Optionally disable extended session tracking
Feature: Configurable logged-in session pruning
Feature: Configurable guest session pruning
Change: Disabling fingerprint logging will now purge existing fingerprints
Fix: Reduced the amount of sessions being created per user