Am 21.05.2013 08:59, schrieb A.L.E.C: > On 05/20/2013 09:18 PM, Reindl Harald wrote: >>> We use custom session handler for a reason and we'll not change that >> >> and the reason is? > > - security
seriously? you think you know more about security than me and how do secure vhosts - forget it! hint: * sessiondata is never in open_basedir * the application has no access to sessiondata (your concept has!) * you can easily configure per vhsot-sessiondata > - scalability this is a bad joke my /var/www/sessiondata is a RAM disk since years my cleanups are outside PHP and relieable the system would be much more scalable and is much more scalable with *not* using MySQL for storing sessions and RC is performance wise the weakest part of the whole infrastructure (besides the fact that it does no longer work on F18/PHP5.4/MariaDB) > - we can store session in memcached too so what > - no session file locking (parallel requests do not wait) and no integrity and cleanups or how do you explain me the 5000 records in the session table on a server with a few users after some months?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Roundcube Development discussion mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/dev
