No subject
Sun Jan 16 06:41:43 UTC 2011
Session storage
---------------
Session files are stored in /var/lib/php5. For security purposes, this
directory is unreadable by non-root users. This means that php5 runnin=
g
from apache2, for example, will not be able to clean up stale session
files. Instead, we have a cron job run every 30 mins that cleans up
stale session files; /etc/cron.d/php5. You may need to modify how
often this runs, if you've modified session.gc_maxlifetime in your
php.ini; otherwise, it may be too lax or overly aggressive in cleaning
out stale session files.
Andres Salomon <dilinger at debian.org> Fri, 03 Sep 2004 03:12:54 -0400
On Mon, Feb 14, 2011 at 09:44, Pierre Habouzit <madcoder at debian.org> wrote:
> Package: libapache2-mod-php5
> Version: 5.3.3-7
> Severity: grave
>
> The last php5 upload sets session.gc_probability to 0, which means that
> sessions aren't GC'ed anymore which is a possible source for DOSes
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>
--=20
=EF=BB=BFOnd=C5=99ej Sur=C3=BD <ondrej at sury.org>
http://blog.rfc1925.org/
More information about the pkg-php-maint
mailing list