PHP :: Request #58302 :: session.gc_maxlifetime should be not used.

Request #58302	session.gc_maxlifetime should be not used.
Submitted:	2008-08-07 06:27 UTC	Modified:	2008-09-11 14:27 UTC
From:	zwxajh at gmail dot com	Assigned:
Status:	Wont fix	Package:	memcache (PECL)
PHP Version:	5.1.6	OS:	linux
Private report:	No	CVE-ID:	None

View Developer Edit

[2008-08-07 06:27 UTC] zwxajh at gmail dot com

Description:
------------
memcache_session.c 
line 188

if (mmc_pool_store(pool, "set", sizeof("set")-1, key_tmp, key_tmp_len, 0, INI_INT("session.gc_maxlifetime"), val, vallen TSRMLS_CC)) {
...

I thought that the session data lifetime should be same with 'session.cookie_lifetime'.


Reproduce code:
---------------
memcache_session.c 
line 188

if (mmc_pool_store(pool, "set", sizeof("set")-1, key_tmp, key_tmp_len, 0, INI_INT("session.cookie_lifetime") == 0?INI_INT("session.gc_maxlifetime"):INI_INT("session.cookie_lifetime"), val, vallen TSRMLS_CC)) {
...

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2008-09-11 14:27 UTC] mikael at synd dot info

From the session documentation

"session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up."

This sounds a lot like an expiry timeout, i.e. after these number of seconds it's ok to flush the value, same as in how memcached handles expiry ttl's.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Dec 17 07:00:01 2025 UTC