[imp] session does not timeout
Jonathan Giles
jong@clinedavis.com
Fri, 04 Oct 2002 12:22:13 -0400
Thanks Edie and Eric.
Now that I understand how gc works, the server does logout sessions, but only when more than
one session is running.
That could be a problem, as we don't have that high of a load on the webmail server. Does
anybody know of an other way to do session timeouts under very low server load?
Sorry to beat the horse dead, but...
Oh by the way Eric, mail doesn't get refreshed that often, so that wouldn't be causing the
problem.
Thanks again for the help!
jg
Eddie Urenda wrote:
> Forgot to mention that the settings I used to accomplish this were:
>
> session.gc_probability = 100
> session.gc_maxlifetime = 30
>
> -Eddie
>
> On Thu, 3 Oct 2002, Eddie Urenda wrote:
>
> > Jonathan,
> >
> > The settings you mention below worked for me, and the garbage collector
> > runs 100% of the time, when a new session is initiated.
> >
> > In other words, it doesn't time out on its own after 60 secs, but after 60
> > secs if I initiate a second login session, then the gabage collection is
> > started (since I set the probability to 100%), and the first session times
> > out.
> >
> > The key is that another session must be started for garbage collection to
> > be run (at least in my tests), it doesn't run on it's own after 60 secs
> > (this would probably be resource intensive for a large system).
> >
> > -Eddie
> >
> > On Thu, 3 Oct 2002, Jonathan Giles wrote:
> >
> > > Mike:
> > >
> > > Thanks for the clarification on the use of garbage collection.
> > >
> > > Do you have any suggestions on how I would force timeouts on sessions
> > > whether or not the system is in high load? I don't expect the system to
> > > have real high loads for some time, but still want to prevent people
> > > from walking away from open sessions and having them stay open.
> > >
> > > I have also tried this...
> > > session.gc_probability = 100
> > > and the session still doesn't time out.
> > >
> > > I have also tried this...
> > > session.cookie_lifetime = 60
> > > and the session still doesn't time out gosh darn.
> > >
> > > Thanks so much for the help!
> > >
> > > Jon Giles
> > >
> > >
> > >
> > > Mike Cochrane wrote:
> > >
> > > > >From what you're describing here, it doesn't sound like you're testing in a way
> > > > that would allow the garbage collector to run....
> > > >
> > > > The gc doesn't run every request to php, that's over kill... instead it has a
> > > > probability set in php.ini... if you're not getting many requests to your server
> > > > then it's not going to get run very often and the session aren't going to get
> > > > timed out...
> > > >
> > > > if your server is under higher load then the gc is going to run more often and
> > > > timeout the sessions, or if you incread the probability in php.ini the same
> > > > result will happen.
> > > >
> > > > if it's just you prodding you're server, it's not likely that the gc would have run.
> > > >
> > > > - Mike :-)
> > > >
> > > > > ----- Message from jong@clinedavis.com ---------
> > > > >
> > > > > I looked all over the faq and lists for this one and couldn't find it.
> > > > >
> > > > > I am trying to force a timeout for imp sessions, and the usual ways
> > > > > don't seem to work.
> > > > >
> > > > > In the older imp, it was done in the local.inc if I remember correctly,
> > > > > but there is none around the new version as best as I see.
> > > > >
> > > > > On this list, a few different things were mentioned to be found in the
> > > > > php.ini file.
> > > > >
> > > > > I went to http://www.php.net/manual/en/ref.session.php for info on each
> > > > > value.
> > > > >
> > > > > I found that session.gc_maxlifetime would do it for me, if it worked. I
> > > > > set it to something really small, 60 seconds, so I can see the results.
> > > > > I restarted the apache server. I would think that after the 60secs, the
> > > > > session file would be removed. No such thing happens, and the session
> > > > > stays open even after the 60 secs.
> > > > >
> > > > > I also tried session.cookie_lifetime as well, but that didn't work
> > > > > either.
> > > > >
> > > > > BTW I have set the session file to be written to /var/www/tmp, which
> > > > > I created to keep session cookies from intruders as best as I can.
> > > > >
> > > > > Is there something in horde/imp that overides these values, or maybe I
> > > > > need to turn something else on or off in php.ini?
> > > > >
> > > > > Any help would be really appreciated!
> > > > >
> > > > > Thanks,
> > > > >
> > > > > Jon Giles
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > IMP mailing list
> > > > > Frequently Asked Questions: http://horde.org/faq/
> > > > > To unsubscribe, mail: imp-unsubscribe@lists.horde.org
> > > > >
> > > > > ----- End message from jong@clinedavis.com -----
> > > >
> > > > --
> > > > IMP mailing list
> > > > Frequently Asked Questions: http://horde.org/faq/
> > > > To unsubscribe, mail: imp-unsubscribe@lists.horde.org
> > >
> > > --
> > > Jonathan Giles
> > > Senior Unix Administrator
> > > Cline Davis Mann, Inc.
> > >
> > > --
> > > Privileged/Confidential Information may be contained in this
> > > message. If you are not the addressee indicated in this message
> > > (or responsible for delivery of the message to such person), you
> > > may not copy or deliver this message to anyone. In such case,
> > > you should destroy this message and kindly notify the sender
> > > by reply e-mail. Please advise immediately if you or your
> > > employer do not consent to Internet e-mail of this kind.
> > > Opinions, conclusions, and other information in this message
> > > that do not relate to the official business of CDM shall
> > > be understood as neither given nor endorsed by it.
> > >
> > >
> > >
> > >
> > > --
> > > IMP mailing list
> > > Frequently Asked Questions: http://horde.org/faq/
> > > To unsubscribe, mail: imp-unsubscribe@lists.horde.org
> > >
> >
> >
> > --
> > IMP mailing list
> > Frequently Asked Questions: http://horde.org/faq/
> > To unsubscribe, mail: imp-unsubscribe@lists.horde.org
> >
--
Jonathan Giles
Senior Unix Administrator
Cline Davis Mann, Inc.
--
Privileged/Confidential Information may be contained in this
message. If you are not the addressee indicated in this message
(or responsible for delivery of the message to such person), you
may not copy or deliver this message to anyone. In such case,
you should destroy this message and kindly notify the sender
by reply e-mail. Please advise immediately if you or your
employer do not consent to Internet e-mail of this kind.
Opinions, conclusions, and other information in this message
that do not relate to the official business of CDM shall
be understood as neither given nor endorsed by it.