[imp] Session stays open many hours(!?)

Theodore Hope imp@iguana.internexo.co.cr
Tue, 13 Feb 2001 10:30:33 -0600 (CST) 

Hi Chuck,

> > I've just installed the latest stable horde/imp and am
> > trying it out.  I left open an imp session last night,
> > and when I came to the desk again today the session was
> > still active.  In other words, I could read msgs as
> > though I had recently logged on, but it had been about
> > 14 hours since I touched that browser.
> 
> Sessions are controlled by phplib in IMP 2.2. You can set the
> lifetime of the session (in local.inc), but after that, it's a
> matter of whether or not the session is garbage collected
> (gc_probability). If this is a test system without many people
> using it, the probability that sessions will be garbage collected
> is rather low.

Thanks for the explanation.  I had understood phplib's "GC" to
mean "delete from the table sessions that are expired", as opposed
to "check all sessions which should be expired by now, and expire them"
(which is how I'm interpreting your message).   Sure enough, since
this is an experimental horde/imp that I set up, nobody else will
go around and GC very often.

But wait, something else just ocurred to me:  If the browser was
left open with the horde/imp session left on, won't the "auto check
for mail every xxxx seconds" facility essentially keep the session
alive, since it really _does_ access it every so often?  If this is
the case, that will explain why it's "still active".



> > I didn't manually configure any "timeout" values at all, and
> > the "lib/horde.lib" file contains "$this->session_timeout = 300;".
> 
> That's still there? Doh. That's been deprecated since we switched to phplib in 
> 2.2.

Then I guess we'll see it gone in the next release :-)



> > The only thing I can think of is that I did start an imp session
> > with the same mail user about an hour ago, but from another
> > machine/browser.  (I wouldn't think that the phplib+imp session
> > stuff would think the two browsers were the same person, since
> > it's unique cookie-based, right?)
> 
> Yes.


Again, thanks for pointing out these things.

 -T.H.