[Pkg-roundcube-maintainers] Bug#907260: Bug#907260: roundcube: database table `session` is never cleaned and grows without limit

[Guilhem Moulin]

Control: severity -1 wishlist
Control: retitle -1 roundcube: database table `session` is never cleaned and grows without limit on nginx

Hi,

On Sat, 25 Aug 2018 at 16:19:06 +0200, Symphorien Gibol wrote:
> Debian disables it by setting session.gc_probability to 0

Upstream's ‘.htaccess’ file sets it to one, however:

    $ grep -F session.gc_ .htaccess
    php_value   session.gc_maxlifetime   21600
    php_value   session.gc_divisor       500
    php_value   session.gc_probability   1

nginx doesn't honor that file, but it's not auto-configured by the
package's postinst script either, so nginx users are “on their own” in
that regard (hence lowering the severity to ‘wishlist’) :-P

I use the following snippet to pass these values to php-fpm and have one
every 500 requests (on average) trigger the GC and clean up expired
(>6h) sessions.

        location = /index.php {
            include snippets/fastcgi-php.conf;
            fastcgi_param PHP_VALUE "[…]
                                     session.gc_maxlifetime=21600
                                     session.gc_divisor=500
                                     session.gc_probability=1";
            […]
        }

Cf. also https://github.com/roundcube/roundcubemail/issues/3573 .

Cheers,
-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20181103/bf4e97cd/attachment.sig>