On 05/21/2013 10:13 AM, Reindl Harald wrote:
- security
seriously?
Ok, this one was only for default PHP config. I'm not saying that PHP session is less secure in general.
you think you know more about security than me and how do secure vhosts - forget it!
No, I do not.
- scalability
this is a bad joke
but can you imagine two http servers using the same session (on another machine)? or one http server using two db servers?
- no session file locking (parallel requests do not wait)
and no integrity and cleanups or how do you explain me the 5000 records in the session table on a server with a few users after some months?
Roundcube uses PHP's session garbage collector. If you disabled it then it's your problem to clean old sessions. It of course might be a bug.