server session object holds more memory that needed

The server session object holds $salt, $verifier and other protected state yet has no getters for them. Anyone wanting to use it for follow up cryptography can only get $userID, $M, $M2, and $K the session key. If they are keeping the object around to use the $K then they will be using up memory for $verifier, $B, $A etc. So the object should delete variables that it no longer needs to keep the memory down.

Comments (1)