[imp] Very alarming/strange login problems - user logs in to someone else's session
Eric Rostetter
eric.rostetter at physics.utexas.edu
Mon Feb 3 13:55:24 PST 2003
Quoting William Tucker <wtucker at mail.ucf.edu>:
> Well, after about 5 days of thinking that the /dev/urandom patch had fixed
> the problem, unfortunately it happened again this morning.
Is it at least happening less frequently, or can't you tell?
> session.entropy_length = 32
> session.entropy_file = /dev/urandom
That really should be random enough, unless you have an incredible user
base.
> My php.ini settings for sessions are:
>
> session.gc_probability = 1
> session.gc_maxlifetime = 1440
Try increasing gc_probability to a higher number like 25 for example. If
your site is really low volume, set it even higher. Also a cron job to
delete old session files would be good if you have a low volume site (or
even if not).
> session.use_trans_sid = 1
I believe the recommended setting is off (0) for use_trans_sid.
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Why get even? Get odd!
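The cron cleanup suggested in the reply above, as an added example that is not part of the original message. It assumes PHP's default file-based session handler, whose files are named `sess_*`; the function name, script path and session directory are hypothetical, and the 1440-second default is the `gc_maxlifetime` value quoted in the thread.

```shell
#!/bin/sh
# Added example: purge stale PHP session files, intended to be run from cron.
# Assumptions: default "files" session handler (file names start with
# "sess_"); the session directory is supplied by the caller.

purge_sessions() {
    dir=$1
    max_age_seconds=${2:-1440}    # gc_maxlifetime quoted in the thread

    # Only accept an absolute path to an existing directory, so a typo in
    # the crontab cannot make find walk the current directory.
    case $dir in
        /*) ;;
        *)  echo "purge_sessions: directory must be an absolute path" >&2
            return 2 ;;
    esac
    [ -d "$dir" ] || { echo "purge_sessions: $dir not found" >&2; return 2; }

    # The lifetime must be a plain non-negative integer.
    case $max_age_seconds in
        ''|*[!0-9]*) echo "purge_sessions: bad lifetime" >&2; return 2 ;;
    esac

    # find -mmin counts minutes; round up so that no session younger than
    # gc_maxlifetime is ever removed.
    minutes=$(( (max_age_seconds + 59) / 60 ))

    # -maxdepth 1: do not descend into subdirectories
    # -type f:     regular files only, never symlinks or directories
    # -name:       leave anything that is not a session file alone
    find "$dir" -maxdepth 1 -type f -name 'sess_*' \
        -mmin "+$minutes" -exec rm -f -- {} +
}

# Example crontab entry (hypothetical paths), every 30 minutes:
#   */30 * * * * /usr/local/sbin/purge_sessions.sh /var/lib/php/session 1440
[ "$#" -eq 0 ] || purge_sessions "$@"
```

Run it as the user that owns the session directory, and keep the lifetime argument equal to `session.gc_maxlifetime` so cron and PHP's own garbage collector agree on when a session has expired.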