[php-maint] Bug#321460: php4 gc_probability default is breaking custom GC handlers

Steve Langasek vorlon at debian.org
Fri Aug 5 21:26:53 UTC 2005

On Fri, Aug 05, 2005 at 12:41:39PM -0400, Dmitriy Kropivnitskiy wrote:
> Package: libapache-mod-php4
> Version: 4:4.3.10-15

> The default for session.gc_probability was changed from the upstream
> default of 1 (garbage collection runs on 1% of requests) to 0 (no
> garbage collection). I believe that the reason for the change was the
> bug #267720 <http://bugs.debian.org/267720>. Unfortunately, this breaks
> things for people using session_set_save_handler() function to set their
> own session management (for example to record sessions in a database).
> If existing codebase is using custom garbage collection function an
> upgrade to Debian silently stops the garbage collection from happening,
> since the cron job from php4-common only cleans up default session temp
> files. Also this changes the expected (documented on www.php.net)
> behaviour of php session handling. The solution for this would be to either
> 1. Re-enable the gc_probability and change default ownership and
> permissions on /var/lib/php4 to allow www-data deleting files from it
> (and disallow regular users any access, something like chmod 770 )

I'm sorry, but this is an unacceptable solution for the existing PHP use
cases.  There is no way to provide a reasonable default session config that
both provides appropriate security for session data and also allows using
the built-in PHP garbage collector.

> 2. Leave this as it is, but bring up a warning message in the package
> post-config to bring this to the user's attention

That would also be inappropriate.  However, this is information that it
would be sensible to put in the package README file.

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20050805/8662d5a2/attachment.pgp

More information about the pkg-php-maint mailing list