On Wed, May 7, 2008 at 5:15 AM, Olivier Berger <[EMAIL PROTECTED]> wrote: > Hello. > > I'm considering the right way to manage the PHP session files on > standard installations in Debian. > > Maybe you can help, as I'm not really expert in PHP. > > In Debian's default configuration, phpGroupware uses session files, and > the session.save_path is directed to a specific directory, separate from > the PHP5 default (/var/lib/phpgroupware/sessions instead of the > default /var/lib/php5/ in Debian). > > I guess such a separate dir was a way to prevent collision with other > applicatons which may lead to security issues as phpGroupware sessions > may contain sensitive information. > > Would this be a big risk to store them in the same place as other PHP > apps installed on the same server ? > > Would you recommend any policy ? > > You'll find bellow a bug-report about these files not being purged ATM > in Debian, btw ;) >
it's always been my impression that php's garbage collection, not a cron job, handles removing old session files. maybe what we have a bug in php itself... _______________________________________________ phpGroupWare-developers mailing list [email protected] http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
