Package: roundcube Version: 1.3.6+dfsg.1-1 Severity: normal Dear Maintainer,
The table `session` of my roundcube database contained several months worth of sessions, even though the lifetime of a session is 1200 seconds (the default I think). This made this sole table more than 100MB. Actual behavior: the last oldest row in the table is more than 8 months old. Expected behavior: the last oldest row in the table is not more than a few days old (that is a few times $session_lifetime). The reason of the problem seems to be the following: according to https://github.com/roundcube/roundcubemail/issues/1864 roundcube relies on vanilla php session gc. Debian disables it by setting session.gc_probability to 0 and replaces it by a custom phpsessionclean.{service,timer}. This script unfortunately only works on sessions stored as files, and therefore does not clean roundcube sessions. I have implemented the following solution: roundcube ships a script to gc manually: /usr/share/roundcube/bin/gc.sh Unfortunately this script is slightly broken: when run I get ERROR: Configuration error. Unsupported database driver: According to strace, this script looks for roundcube's configuration in /usr/share/roundcube/config/ instead of /etc/roundcube Workaround: ln -s /etc/roundcube/ /usr/share/roundcube/config Similarly, I needed ln -s /tmp/ /usr/share/roundcube/temp Then, bin/gc.sh works and I can make a systemd timer like phpsessionclean: # /etc/systemd/system/roundcube-gc.service [Unit] Description=Clean roundcube session table [Service] User=www-data Type=oneshot ExecStart=/usr/share/roundcube/bin/gc.sh ProtectHome=true ProtectSystem=true PrivateTmp=true # /etc/systemd/system/roundcube-gc.timer [Unit] Description=Clean roundcube session table every 30 mins [Timer] OnCalendar=*-*-* *:09,39:00 Persistent=true [Install] WantedBy=timers.target I have been unable to trigger session gc by the vanilla php mechanism, either in the nginx config or in /etc/php/7.2/fpm/php.ini, even with session.gc_probability=1 session.gc_divisor=1 To sum up, it would be nice to fix bin/gc.sh and ship a timer to run it periodically, possibly by default. Thanks -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.17.0-1-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages roundcube depends on: ii dpkg 1.19.0.5+b1 ii roundcube-core 1.3.6+dfsg.1-1 roundcube recommends no packages. roundcube suggests no packages. Versions of packages roundcube-core depends on: ii dbconfig-common 2.0.9 ii debconf [debconf-2.0] 1.5.69 ii dpkg 1.19.0.5+b1 ii libmagic1 1:5.34-2 ii php 1:7.2+62 ii php-auth-sasl 1.0.6-3 ii php-common 1:62 ii php-intl 1:7.2+62 ii php-mail-mime 1.10.2-0.1 ii php-net-sieve 1.4.1-1 ii php-net-smtp 1.8.0-1 ii php-net-socket 1.0.14-2 ii php-pear 1:1.10.5+submodules+notgz-1 ii php7.2 [php] 7.2.9-1 ii php7.2-cli [php-cli] 7.2.9-1 ii php7.2-intl [php-intl] 7.2.9-1 ii php7.2-json [php-json] 7.2.9-1 ii roundcube-pgsql 1.3.6+dfsg.1-1 ii ucf 3.0038 Versions of packages roundcube-core recommends: ii nginx-full [httpd-cgi] 1.13.12-1 ii php-fpm 1:7.2+62 ii php-gd 1:7.2+62 ii php-pspell 1:7.2+62 ii php7.2-fpm [php-fpm] 7.2.9-1 ii php7.2-gd [php-gd] 7.2.9-1 ii php7.2-pspell [php-pspell] 7.2.9-1 Versions of packages roundcube-core suggests: pn php-crypt-gpg <none> pn php-net-ldap2 <none> pn php-net-ldap3 <none> ii roundcube-plugins 1.3.6+dfsg.1-1 -- debconf information: roundcube/dbconfig-reinstall: false roundcube/remote/port: roundcube/remote/newhost: localhost roundcube/pgsql/method: TCP/IP roundcube/dbconfig-upgrade: true roundcube/pgsql/authmethod-user: password roundcube/mysql/admin-user: roundcube/upgrade-error: abort roundcube/missing-db-package-error: abort roundcube/reconfigure-webserver: apache2, lighttpd roundcube/hosts: roundcube/db/basepath: roundcube/upgrade-backup: true roundcube/dbconfig-remove: true roundcube/remove-error: abort roundcube/install-error: abort roundcube/internal/skip-preseed: false roundcube/pgsql/authmethod-admin: ident roundcube/language: en_US roundcube/pgsql/changeconf: false * roundcube/database-type: pgsql roundcube/internal/reconfiguring: false roundcube/db/dbname: roundcube roundcube/mysql/method: Unix socket roundcube/db/app-user: roundcube@localhost roundcube/pgsql/no-empty-passwords: roundcube/pgsql/manualconf: roundcube/pgsql/admin-user: postgres roundcube/restart-webserver: true * roundcube/remote/host: localhost roundcube/purge: false * roundcube/dbconfig-install: true roundcube/passwords-do-not-match: