Ticket #1483986 (Bugs) Session expires

Mr. B. Vrieling bvrieling at tdchristian.ca
Tue Sep 5 22:17:17 CEST 2006

Further to my previous email:

My suspicion is that the bug is in RoundCube's custom session handling code. As I poke in program/include/session.inc I note that Roundcube installs custom PHP session handlers here:

// set custom functions for PHP session management
session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write','sess_destroy', 'sess_gc');

Specifically, my suspicion is that the sess_gc() function is deleting sessions incorrectly (ie. prematurely).


1. Why the custom session handling code? Was it for scaling with multiple servers? If I has only one server (a simple environment), what does storing the sessions in a database accomplish?

2. If I disabled the garbage collection code (sess_gc) and allowed the stale sessions to collect rather than have them deleted, what would the impact of that be other than disk space in the database? I might manually hoof them all once a week.

3. If the answer to the final part of #1 is "not a lot", what would happen if I did not install the custom session handlers and just let PHP's own code do it?

I might be all wet and not understanding at all what the code is supposed to do. If so, please forgive me. However, I have users who really want to use RoundCube but the session expiry bug is killing them. I need a tactical solution until the real issue is addressed.



On Mon, 4 Sep 2006 10:05:35 -0400, "Mr. B. Vrieling" <bvrieling at tdchristian.ca> wrote:
> Hello,
> On Thu, 31 Aug 2006 11:48:36 -0300 (ART), Martin Marques
> <martin at bugs.unl.edu.ar> wrote:
>> My problem is not when composing, but when reading the message list.
>> BTW, setting ip_check to false didn't fix anything.
>> Another thing. This happens when I execute lots of actions, like hitting
>> the delete botton lots of times.
> I can confirm that after setting my session lifetime to 30 and setting
> IP_CHECK to FALSE, the problem has not been fixed. My sessions continue to
> expire at odd times, most annoyingly during message creation and sending.
> (I don't have caching enabled, and this is on an uptodate FC5 server
> running 0.1beta2.)
> Is there an easy way to just turn session expiring OFF entirely? Hoofing
> that functionality is better than the current situation.
> Thanks.
> ..Bruce

More information about the Dev mailing list