No subject

Sun Jan 16 06:41:43 UTC 2011

Session storage

    Session files are stored in /var/lib/php5.  For security purposes, this
    directory is unreadable by non-root users.  This means that php5 runnin=
    from apache2, for example, will not be able to clean up stale session
    files.  Instead, we have a cron job run every 30 mins that cleans up
    stale session files; /etc/cron.d/php5.  You may need to modify how
    often this runs, if you've modified session.gc_maxlifetime in your
    php.ini; otherwise, it may be too lax or overly aggressive in cleaning
    out stale session files.

Andres Salomon <dilinger at>  Fri, 03 Sep 2004 03:12:54 -0400

On Mon, Feb 14, 2011 at 09:44, Pierre Habouzit <madcoder at> wrote:
> Package: libapache2-mod-php5
> Version: 5.3.3-7
> Severity: grave
> The last php5 upload sets session.gc_probability to 0, which means that
> sessions aren't GC'ed anymore which is a possible source for DOSes
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at

=EF=BB=BFOnd=C5=99ej Sur=C3=BD <ondrej at>

More information about the pkg-php-maint mailing list