[imp] session does not timeout

Jonathan Giles jong@clinedavis.com
Thu, 03 Oct 2002 11:55:21 -0400


Mike:

Thanks for the clarification on the use of garbage collection.

Do you have any suggestions on how I would force timeouts on sessions whether or not
the system is in high load?  I don't expect the system to have real high loads for some
time, but still want to prevent people from walking away from open sessions and having
them stay open.

I have also tried this...
session.gc_probability = 100
and the session still doesn't time out.

I have also tried this...
session.cookie_lifetime = 60
and the session still doesn't time out gosh darn.

Thanks so much for the help!

Jon Giles



Mike Cochrane wrote:

> >From what you're describing here, it doesn't sound like you're testing in a way
> that would allow the garbage collector to run....
>
> The gc doesn't run every request to php, that's over kill... instead it has a
> probability set in php.ini... if you're not getting many requests to your server
> then it's not going to get run very often and the session aren't going to get
> timed out...
>
> if your server is under higher load then the gc is going to run more often and
> timeout the sessions, or if you incread the probability in php.ini the same
> result will happen.
>
> if it's just you prodding you're server, it's not likely that the gc would have run.
>
> - Mike :-)
>
> > ----- Message from jong@clinedavis.com ---------
> >
> > I looked all over the faq and lists for this one and couldn't find it.
> >
> > I am trying to force a timeout for imp sessions, and the usual ways
> > don't seem to work.
> >
> > In the older imp, it was done in the local.inc if I remember correctly,
> > but there is none around the new version as best as I see.
> >
> > On this list, a few different things were mentioned to be found in the
> > php.ini file.
> >
> > I went to http://www.php.net/manual/en/ref.session.php for info on each
> > value.
> >
> > I found that session.gc_maxlifetime would do it for me, if it worked.  I
> > set it to something really small, 60 seconds, so I can see the results.
> > I restarted the apache server.  I would think that after the 60secs, the
> > session file would be removed.  No such thing happens, and the session
> > stays open even after the 60 secs.
> >
> > I also tried session.cookie_lifetime as well, but that didn't work
> > either.
> >
> > BTW I have set the session file to be written to /var/www/tmp, which
> > I created to keep session cookies from intruders as best as I can.
> >
> > Is there something in horde/imp that overides these values, or maybe I
> > need to turn something else on or off in php.ini?
> >
> > Any help would be really appreciated!
> >
> > Thanks,
> >
> > Jon Giles
> >
> >
> >
> > --
> > IMP mailing list
> > Frequently Asked Questions: http://horde.org/faq/
> > To unsubscribe, mail: imp-unsubscribe@lists.horde.org
> >
> > ----- End message from jong@clinedavis.com -----
>
> --
> IMP mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe@lists.horde.org

--
Jonathan Giles
Senior Unix Administrator
Cline Davis Mann, Inc.

--
Privileged/Confidential Information may be contained in this
message.  If you are not the addressee indicated in this message
(or responsible for delivery of the message to such person), you
may not copy or deliver this message to anyone.  In such case,
you should destroy this message and kindly notify the sender
by reply e-mail.  Please advise immediately if you or your
employer do not consent to Internet e-mail of this kind.
Opinions, conclusions, and other information in this message
that do not relate to the official business of CDM shall
be understood as neither given nor endorsed by it.