[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [phpGroupWare-developers] Need your advice on php5 session files - [
From: |
Chris Weiss |
Subject: |
Re: [phpGroupWare-developers] Need your advice on php5 session files - [Fwd: Bug#479905: phpgroupware-0.9.16-core-base: /var/lib/phpgroupware/sessions grows as files are never purged] |
Date: |
Wed, 7 May 2008 07:11:42 -0500 |
On Wed, May 7, 2008 at 5:15 AM, Olivier Berger
<address@hidden> wrote:
> Hello.
>
> I'm considering the right way to manage the PHP session files on
> standard installations in Debian.
>
> Maybe you can help, as I'm not really expert in PHP.
>
> In Debian's default configuration, phpGroupware uses session files, and
> the session.save_path is directed to a specific directory, separate from
> the PHP5 default (/var/lib/phpgroupware/sessions instead of the
> default /var/lib/php5/ in Debian).
>
> I guess such a separate dir was a way to prevent collision with other
> applicatons which may lead to security issues as phpGroupware sessions
> may contain sensitive information.
>
> Would this be a big risk to store them in the same place as other PHP
> apps installed on the same server ?
>
> Would you recommend any policy ?
>
> You'll find bellow a bug-report about these files not being purged ATM
> in Debian, btw ;)
>
it's always been my impression that php's garbage collection, not a
cron job, handles removing old session files. maybe what we have a
bug in php itself...