[imp] Very alarming/strange login problems - user logs
intosomeone else's session
William Tucker
wtucker at mail.ucf.edu
Thu Feb 6 10:27:11 PST 2003
After increasing gc_probability to 25 and turning off trans_sid, the user is still having the problem. I am beginning to feel that I might never solve this. :)
William Tucker
>>> Eric Rostetter <eric.rostetter at physics.utexas.edu> 02/03/03 02:55PM >>>
Quoting William Tucker <wtucker at mail.ucf.edu>:
> Well, after about 5 days of thinking that the /dev/urandom patch had fixed
> the problem, unfortunately it happened again this morning.
Is it at least happening less frequently, or can't you tell?
> session.entropy_length = 32
> session.entropy_file = /dev/urandom
That really should be random enough, unless you have an incredible user
base.
> My php.ini settings for sessions are:
>
> session.gc_probability = 1
> session.gc_maxlifetime = 1440
Try increasing gc_probability to a higher number like 25 for example. If
your site is really low volume, set it even higher. Also a cron job to
delete old session files would be good if you have a low volume site (or
even if not).
> session.use_trans_sid = 1
I believe the recommended setting is off (0) for use_trans_sid.
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Why get even? Get odd!
--
IMP mailing list
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscribe at lists.horde.org
More information about the imp
mailing list