On Saturday 20 September 2008 13:39, François Gannaz wrote: > Thank you for taking time in investigating this. That's right, my global > php.ini sets this parameter to 1800. > > But phpMyAdmin doesn't have to follow this default parameter. IIRC, it > can use ini_set() to locally change the value of session.gc_maxlifetime. > If it doesn't, it should at least mention this in its user > documentation.
Right, I'll regard this as a documentation bug then, and I'll ask upstream to document that (or implement the additional feature of changing gc_maxlifetime). > If phpMyAdmin uses the default session parameters (lifetime, path, > handler...) then any php application running on the same server can > delete its sessions anytime. I still think it's a bug, or at least a > lacking feature. That can happen in any shared hosting setup where all scripts run as the www-data user. This is nothing that phpMyAdmin should be solving; if you're concerned about that a suexec+fastcgi solution may be better suited for your needs. Thijs
pgpSJc0218lSZ.pgp
Description: PGP signature
