php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #58302 session.gc_maxlifetime should be not used.
Submitted: 2008-08-07 06:27 UTC Modified: 2008-09-11 14:27 UTC
From: zwxajh at gmail dot com Assigned:
Status: Wont fix Package: memcache (PECL)
PHP Version: 5.1.6 OS: linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: zwxajh at gmail dot com
New email:
PHP Version: OS:

 

 [2008-08-07 06:27 UTC] zwxajh at gmail dot com
Description:
------------
memcache_session.c 
line 188

if (mmc_pool_store(pool, "set", sizeof("set")-1, key_tmp, key_tmp_len, 0, INI_INT("session.gc_maxlifetime"), val, vallen TSRMLS_CC)) {
...

I thought that the session data lifetime should be same with 'session.cookie_lifetime'.


Reproduce code:
---------------
memcache_session.c 
line 188

if (mmc_pool_store(pool, "set", sizeof("set")-1, key_tmp, key_tmp_len, 0, INI_INT("session.cookie_lifetime") == 0?INI_INT("session.gc_maxlifetime"):INI_INT("session.cookie_lifetime"), val, vallen TSRMLS_CC)) {
...


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-09-11 14:27 UTC] mikael at synd dot info
From the session documentation

"session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up."

This sounds a lot like an expiry timeout, i.e. after these number of seconds it's ok to flush the value, same as in how memcached handles expiry ttl's.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Thu Jan 02 12:01:29 2025 UTC