close 613345
thank you
>From php5-common.README.Debian:
Session storage
---------------
Session files are stored in /var/lib/php5. For security purposes, this
directory is unreadable by non-root users. This means that php5 running
from apache2, for example, will not be able to clean up stale session
files. Instead, we have a cron job run every 30 mins that cleans up
stale session files; /etc/cron.d/php5. You may need to modify how
often this runs, if you've modified session.gc_maxlifetime in your
php.ini; otherwise, it may be too lax or overly aggressive in cleaning
out stale session files.
Andres Salomon <dilin...@debian.org> Fri, 03 Sep 2004 03:12:54 -0400
On Mon, Feb 14, 2011 at 09:44, Pierre Habouzit <madco...@debian.org> wrote:
> Package: libapache2-mod-php5
> Version: 5.3.3-7
> Severity: grave
>
> The last php5 upload sets session.gc_probability to 0, which means that
> sessions aren't GC'ed anymore which is a possible source for DOSes
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-ma...@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-php-maint
>
--
Ondřej Surý <ond...@sury.org>
http://blog.rfc1925.org/
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
