Package: drupal5 Version: 5.9-1 Severity: minor Tags: patch I'm reporting this bug on behalf of Kamthorn Krairaksa, who found it a year ago, as published in this blog (in Thai) [1], but felt reluctant to report it himself.
[1] http://kamthorn.org/2007/09/12/drupaldebian-%E0%B8%81%E0%B8%B1%E0%B8%9A%E0%B8%9B%E0%B8%B1%E0%B8%8D%E0%B8%AB%E0%B8%B2%E0%B8%95%E0%B8%B2%E0%B8%A3%E0%B8%B2%E0%B8%87-sessions-%E0%B9%82%E0%B8%95%E0%B8%82%E0%B8%B6%E0%B9%89%E0%B8%99 On Debian, user sessions in Drupal's database table keeps growing without being garbage-collected, despite session.gc_maxlifetime being set to lower number in php.ini. This can be serious problem for high-traffic sites. The problem is caused by php5 customization in Debian's php.ini to set GC probability to zero: ---8<--- ; Define the probability that the 'garbage collection' process is started ; on every session initialization. ; The probability is calculated by using gc_probability/gc_divisor, ; e.g. 1/100 means there is a 1% chance that the GC process starts ; on each request. ; This is disabled in the Debian packages, due to the strict permissions ; on /var/lib/php5. Instead of setting this here, see the cronjob at ; /etc/cron.d/php5, which uses the session.gc_maxlifetime setting below ;session.gc_probability = 0 session.gc_divisor = 100 ---8<--- And GC is instead done with cron job, which simply clears sessions by removing aged files in /var/lib/php5/, as follows: ---8<--- # Look for and purge old sessions every 30 minutes 09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm ---8<--- However, what's required for Drupal is to call sess_gc() so that the SQL query to delete aged rows from sessions table is executed. So, Drupal requires an exception from the above customization. One possible fix is to add these lines to sites/default/settings.php to override it: ---8<--- ini_set('session.gc_probability', 1); ini_set('session.gc_divisor', 100); ---8<--- -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.24-1-486 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages drupal5 depends on: ii apache2 2.2.9-6 Apache HTTP Server metapackage ii apache2-mpm-worker [httpd] 2.2.9-6 Apache HTTP Server - high speed th ii curl 7.18.2-5 Get a file from an HTTP, HTTPS or ii dbconfig-common 1.8.39 common framework for packaging dat ii debconf 1.5.22 Debian configuration management sy ii exim4 4.69-6 metapackage to ease Exim MTA (v4) ii exim4-daemon-light [mail-tran 4.69-6 lightweight Exim MTA (v4) daemon ii php5 5.2.6-2 server-side, HTML-embedded scripti ii php5-gd 5.2.6-2+b1 GD module for php5 ii php5-pgsql 5.2.6-2+b1 PostgreSQL module for php5 ii postgresql-client-8.2 [postgr 8.2.7-2+b1 front-end programs for PostgreSQL ii postgresql-client-8.3 [postgr 8.3.3-1 front-end programs for PostgreSQL ii wwwconfig-common 0.1.2 Debian web auto configuration Versions of packages drupal5 recommends: pn mysql-server | postgresql <none> (no description available) drupal5 suggests no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
