CESNET / gridsite

Grid Security for the Web.

mod_gridsite doesn't properly remove expired cookies #17

Open ayllon opened 10 years ago

ayllon commented 10 years ago

Was reported to LCGDM, but it is not an issue on our side.

C&P from our ticket https://its.cern.ch/jira/browse/LCGDM-1155

When using DAV + HTTPS to access files on DPM, a large number of files get stashed under /var/www/sessions on the head node, originating from mod_gridsite. These are so-called "passcode" files, which are essentially a cookie assigned to the pair [client, file_requested]. With this cookie, the client can present it via HTTP and download the file in bulk, also via HTTP. After some time, this folder holds more and more files since mod_gridsite doesn't properly remove expired cookies. This in turn easily exhausts the maximum inode capacity on the server, making the server inoperable. Two possible mitigations:

  • Run a cron job which periodically deletes the files in this directory
  • Set the directive GridSiteRequirePasscode -> "OFF" (which according to the docs should be the default) - although this raises auth/authz issues

Cheers.
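One way to implement the cron-job mitigation listed above, as an added example that is not gridsite project code: a small POSIX shell script that prunes regular files in the mod_gridsite sessions directory once they are older than an assumed passcode lifetime, with a dry-run mode and a guard against pruning a bad path. The /var/www/sessions path comes from the ticket; the lifetime value, the script path in the cron line and the choice not to filter on a filename pattern are assumptions.

```shell
#!/bin/sh
# Added example (not part of gridsite): prune stale passcode files that
# mod_gridsite leaves behind in its sessions directory so the directory
# does not exhaust the filesystem's inodes.
# Assumption: passcode files are the regular files directly under DIR;
# we select on age and file type only, not on a filename pattern.

# Delete regular files older than MAX_AGE_MIN minutes directly under DIR.
# Prints the number of matching files. With DRY_RUN=1 it only lists them
# on stderr and deletes nothing. Refuses an empty or root path.
prune_passcodes() {
    dir=$1
    max_age_min=$2
    case "$dir" in
        ""|"/") echo "refusing to prune '$dir'" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # -mmin +N matches files last modified more than N minutes ago;
    # -maxdepth 1 and -type f leave subdirectories and their contents alone.
    matches=$(find "$dir" -maxdepth 1 -type f -mmin +"$max_age_min" | wc -l | tr -d ' ')
    if [ "${DRY_RUN:-0}" = 1 ]; then
        find "$dir" -maxdepth 1 -type f -mmin +"$max_age_min" -print >&2
    else
        find "$dir" -maxdepth 1 -type f -mmin +"$max_age_min" -exec rm -f -- {} +
    fi
    echo "$matches"
}

# Cron usage (assumed values): every 10 minutes, drop passcodes older than
# one day (1440 minutes), logging how many were removed.
#   */10 * * * *  /usr/local/sbin/prune_passcodes.sh /var/www/sessions 1440
if [ "${1:-}" != "" ]; then
    removed=$(prune_passcodes "$1" "${2:-1440}") || exit 1
    echo "pruned $removed passcode file(s) from $1"
fi
```

Run it once with DRY_RUN=1 against the real directory first to confirm the age threshold only catches files the server no longer needs.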