Limits (Specifications)


This plugin is not yet considered as release ready and doesn’t support all the advertised features. This document should be considered as specifications until this note is removed.

This plugin enables adminstrators to enforce limits in Stormancer server access.

Two types of limits are currently supported:

  • Request rates limits enforce a maximum number of concurrent requests on RPC routes. These limits can help reduce load on servers and prevent bugs in game clients that could lead to Denial of service issues.

  • CCU limits, with support for an optional user authentication queue and grace period on disconnection (to allow connecting back without going through the queue and user limit).


Install the Nuget package Stormancer.Server.Plugins.Limits in the server application project.

CCU limits

Applies a limit to the number of concurrent users that can be authenticated on the application. An user wait queue can be enabled for users to wait until a slot is available for them. Furthermore, the plugin supports keeping a slot for disconnected players to allow them to bypass the queue.


reserved slots count toward the user limit. A long grace period would therefore lengthen queue wait times.

The plugin does not actually prevent connection, but blocks session creation after authentication. This behavior enables ignoring the limits for select users by implementing ILimitsEventHandler.

 1 {
 2         "limits":{
 3                 "connections":
 4         {
 5             "max":100,              //Maximum number of concurrent user sessions authenticated on the application, including slots reserved for reconnection. (defaults to -1 : unlimited)
 6             "queue":100,            //Maximum number of user sessions in the authentication queue. (defaults to 0 : no queue)
 7             "slots":{
 8                 "disconnectedTimeout":30,  //Duration in seconds the user slot can be recovered when manually disconnected. (defaults to 0)
 9                 "connectionLostTimeout":60 //Duration in seconds the user slot can be recovered when connection is lost. (defaults to 'disconnected')
10             }
11         }
12         }
13     ...

Request rate limits

Applies a limit to the number of concurrent pending requests (CPR) to routes on the server application. The limit applies to client=>server RPCs at the SA level (After the grid routing layer). The following configuration options are available:


The CCU limit queue keeps the RPC Authentication.Login running while the user is waiting in queue. If a CPR limit is configured on this route with a maximum lesser than the queue size, be aware that the CPR limit will trigger before the queue limit.

 1 {
 2         "limits":{
 3                 "concurrentRequests":[
 4             {
 5                 "routePattern": "PartyManagement.CreateSession",    //Regex the route must match to trigger the rule.
 6                 "maxConcurrent": 100,                               //Max pending requests in parallel on the procedures that matches the rule.
 7                 "waitForMs":1000                                    //Wait 1 second before returning an error if the rule is triggered
 8             }
10         ]
11         }
12     ...

Accessing data about limits

The ILimits interface provides data about the limits:

  • Number of users currently authenticated.

  • Number of slots reserved for disconnected users.

  • Number of users in the authentication waiting queue.