brodiefarrelloates

Thanks for posting @omshah. I was also a part of this assessment group, in my day job I work on antarctica.gov.au, and several other large Processwire sites. What are the impacts of having it enabled by default? Is it just extra overhead? Certainly agree that permissions changes should be logged somewhere for accountability purposes. Not sure if it should be a new log, or part of the session log? Maybe different is best. Upon reflection, I think you're right here @teppo - I think 429 is best returned for legitimate (authenticated) responses to something like an API to indicate that whilst successful and allowed, the rate limit has been exceeded. It is best to hide the fact any security actions have occurred. Overall Processwire is so solid, I've used it for over 12 sites now. Everything from small business to large government entities - it's such a blast to work with.

I think I narrowed it down to some kind of incomplete MySQL change in my local development environment, so a rather freak occurance. This Stack Overflow thread got me out the stuck position: https://stackoverflow.com/questions/15694168/error-tablespace-for-table-xxx-exists-please-discard-the-tablespace-before-imp I had to delete a few 'session' table files from the MySQL directory, only2 out of 3 of the required files per table were there. So it was casuing some kind of stuck state were it couldn't setup or drop the sessions table. All good now, thanks for your help!

I've randomly started having this issue too on some sites since upgrading to PHP8 in my local development environment (production is running PHP8 with no issues like this so far). For all my sites it's saying '%sitename%.sessions doesn't exist in engine', when I try to manually create a table with the right schema (as shown in the post above ) it then complains there is a sessions table already... but i can't see one. Has anyone else come across this?