Control: severity -1 wishlist Control: retitle -1 roundcube: database table `session` is never cleaned and grows without limit on nginx
Hi,
On Sat, 25 Aug 2018 at 16:19:06 +0200, Symphorien Gibol wrote:
> Debian disables it by setting session.gc_probability to 0
Upstream's ‘.htaccess’ file sets it to one, however:
$ grep -F session.gc_ .htaccess
php_value session.gc_maxlifetime 21600
php_value session.gc_divisor 500
php_value session.gc_probability 1
nginx doesn't honor that file, but it's not auto-configured by the
package's postinst script either, so nginx users are “on their own” in
that regard (hence lowering the severity to ‘wishlist’) :-P
I use the following snippet to pass these values to php-fpm and have one
every 500 requests (on average) trigger the GC and clean up expired
(>6h) sessions.
location = /index.php {
include snippets/fastcgi-php.conf;
fastcgi_param PHP_VALUE "[…]
session.gc_maxlifetime=21600
session.gc_divisor=500
session.gc_probability=1";
[…]
}
Cf. also https://github.com/roundcube/roundcubemail/issues/3573 .
Cheers,
--
Guilhem.
signature.asc
Description: PGP signature
