With Xoops 2.0.16 and Protector 3.02 a number of uncessary??? session records are being created for each user session.

Protector creates a session record when a user first lands on a Xoops site. When the user logs in, another session record is created. When the user logs off, the state of the session records are changed, but the records are never deleted.

Unless you use something like Xoops Care on a regular basis, you can get a huge build-up of unnecessary session records. On a high traffic site, this quickly becomes unmanagemeable.

1. Why does Protector create its own session record?
2. Why doesn't the core re-use the protector's session record?
3. Why aren't the session records deleted when a user logs out?
4. But, if a session record is needed to track a non-logged in user, why isn't there some automatic (e.g. cron driven means) of deleting the old records? The records are marked as inactive.

If anyone knows the answer to these questions, it would be helpful. I'm trying to create a single unified login for multiple independent products, and the multiple session records are creating a real problem.

Thanks.