Control: severity -1 wishlist Control: retitle -1 roundcube: database table `session` is never cleaned and grows without limit on nginx
Hi, On Sat, 25 Aug 2018 at 16:19:06 +0200, Symphorien Gibol wrote: > Debian disables it by setting session.gc_probability to 0 Upstream's ‘.htaccess’ file sets it to one, however: $ grep -F session.gc_ .htaccess php_value session.gc_maxlifetime 21600 php_value session.gc_divisor 500 php_value session.gc_probability 1 nginx doesn't honor that file, but it's not auto-configured by the package's postinst script either, so nginx users are “on their own” in that regard (hence lowering the severity to ‘wishlist’) :-P I use the following snippet to pass these values to php-fpm and have one every 500 requests (on average) trigger the GC and clean up expired (>6h) sessions. location = /index.php { include snippets/fastcgi-php.conf; fastcgi_param PHP_VALUE "[…] session.gc_maxlifetime=21600 session.gc_divisor=500 session.gc_probability=1"; […] } Cf. also https://github.com/roundcube/roundcubemail/issues/3573 . Cheers, -- Guilhem.
signature.asc
Description: PGP signature