What would you like?

Move session management back to the database, add support for session management, potentially 2FA while we are at it.

Why is this needed?

Redis is fast, but the amount of errors we still get too much. Furthermore, we have not real control over when a session expires.

Other information

Can be done before GH-1798 (as this will only cover user authentication and not API authentication).

https://github.com/matomo-org/device-detector