Further to my previous email:
My suspicion is that the bug is in RoundCube's custom session handling code. As I poke in program/include/session.inc I note that Roundcube installs custom PHP session handlers here:
// set custom functions for PHP session management session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write','sess_destroy', 'sess_gc');
Specifically, my suspicion is that the sess_gc() function is deleting sessions incorrectly (ie. prematurely).
QUESTIONS:
Why the custom session handling code? Was it for scaling with multiple servers? If I has only one server (a simple environment), what does storing the sessions in a database accomplish?
If I disabled the garbage collection code (sess_gc) and allowed the stale sessions to collect rather than have them deleted, what would the impact of that be other than disk space in the database? I might manually hoof them all once a week.
If the answer to the final part of #1 is "not a lot", what would happen if I did not install the custom session handlers and just let PHP's own code do it?
I might be all wet and not understanding at all what the code is supposed to do. If so, please forgive me. However, I have users who really want to use RoundCube but the session expiry bug is killing them. I need a tactical solution until the real issue is addressed.
Thanks!
..Bruce
On Mon, 4 Sep 2006 10:05:35 -0400, "Mr. B. Vrieling" bvrieling@tdchristian.ca wrote:
Hello,
On Thu, 31 Aug 2006 11:48:36 -0300 (ART), Martin Marques martin@bugs.unl.edu.ar wrote:
My problem is not when composing, but when reading the message list.
BTW, setting ip_check to false didn't fix anything.
Another thing. This happens when I execute lots of actions, like hitting the delete botton lots of times.
I can confirm that after setting my session lifetime to 30 and setting IP_CHECK to FALSE, the problem has not been fixed. My sessions continue to expire at odd times, most annoyingly during message creation and sending. (I don't have caching enabled, and this is on an uptodate FC5 server running 0.1beta2.)
Is there an easy way to just turn session expiring OFF entirely? Hoofing that functionality is better than the current situation.
Thanks.
..Bruce