In the past 4 weeks, I have accumulated over 90,000 session files, all PmWiki based. Many are 0 bytes in size; others are small and contain info like: THIS: captcha-challenges|a:2:{i:0;i:6680;i:1;i:6680;}
AND: authpw|a:1:{s:9:"XXXXX";i:1;}authid|N;captcha-challenges|a:28:{i:0;i:3634;i:1;i:3080;i:2;i:1469;i:3;i:9901;i:4;i:2488;i:5;i:9146;i:6;i:8976;i:7;i:4217;i:8;i:8530;i:9;i:5051;i:10;i:9480;i:11;i:7442;i:12;i:3326;i:13;i:4212;i:14;i:2263;i:15;i:3358;i:16;i:6386;i:17;i:4609;i:18;i:5631;i:19;i:6594;i:20;i:1537;i:21;i:7717;i:22;i:6864;i:23;i:2520;i:24;i:1438;i:25;i:9996;i:26;i:4698;i:27;i:6755;} (XXXXX above contained my password -- also not good.) One of two things (possibly related) I suspect is happening. * I'm getting hit by spammers trying (and failing) to get through the captcha. * I set garbage collection to a high value, so I don't have to keep logging in every 23 minutes (or whatever the default is). Spammers are attempting to login, and the failed attempts are creating session file, which basically never expire. Here's what I have (had) in farmconfig.php: $EnableSessionPasswords = 1; session_name(str_replace('.','',$_SERVER['HTTP_HOST'])); ini_set('session.cookie_lifetime', 99999999); ini_set('session.gc_maxlifetime', 99999999); I've temporarily reduced the values to a couple of days, to see if that at least reduces the history of files. Is there a way to prevent session files being created by spammers? Or, is something else happening here? ~ ~ Dave _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users