RolandGuijt

Secure ServerSideSessions page in the same way as Diagnostics

1

#11

Right now every authenticated user can list all sessions and remove them. It has to be obvious that something extra has to be done to protect it.

There is a small bug that puts the same string in logError and logDescription. Details here: https://github.com/DuendeSoftware/Support/issues/1425

Please see https://github.com/DuendeSoftware/Support/issues/1409 for context and relevance.

Consider adding more cache header options to `DiscoveryOptions`

2

Please see https://github.com/DuendeSoftware/Support/issues/1399

OperationCanceledException could be the more appropriate exception to check for because some APIs just raise that. See also: https://blog.stephencleary.com/2022/03/cancellation-3-detecting-cancellation.html#:~:text=And%20since%20TaskCanceledException%20derives%20from,Catch%20OperationCanceledException%20instead And: https://github.com/DuendeSoftware/Support/issues/1377