On 05/21/2013 10:13 AM, Reindl Harald wrote: >> - security > > seriously?
Ok, this one was only for default PHP config. I'm not saying that PHP session is less secure in general. > you think you know more about security than me > and how do secure vhosts - forget it! No, I do not. >> - scalability > > this is a bad joke but can you imagine two http servers using the same session (on another machine)? or one http server using two db servers? >> - no session file locking (parallel requests do not wait) > > and no integrity and cleanups or how do you explain me the > 5000 records in the session table on a server with a few > users after some months? Roundcube uses PHP's session garbage collector. If you disabled it then it's your problem to clean old sessions. It of course might be a bug. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl _______________________________________________ Roundcube Development discussion mailing list dev@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/dev
