Expired session files - Githubissues

e107inc / e107

e107 Bootstrap CMS (Content Management System) v2 with PHP, MySQL, HTML5, jQuery and Twitter Bootstrap. Issue Discussion Room: https://gitter.im/e107inc/e107

https://e107.org

GNU General Public License v3.0

322 stars 214 forks source link

Expired session files #4113

Closed lonalore closed 4 years ago

lonalore commented 4 years ago

Question

Is there a way in e107 to clean up expired session files from temp dir?

Additional Context

I have a VPS with multiple websites, and yesterday I got an alert about 90% usage of inodes. After a little exploration I found that there are more than thousands of e107 session files in the temp directory took ~1.5 million inodes. The directory contained not only new but also old session files even though "Session lifetime" is set to 86400 in the Admin area.

There is only one e107 website on my VPS, other websites do not have this problem. Any idea about this?

Additional Info

Cron is set and it runs every minute.
PHP 7.1.29 (Fast-CGI)
Apache webserver
e107 version: latest git version

2020-03-27_15-05-30

Deltik commented 4 years ago

@CaMer0n: This is exactly what I predicted could happen in our private conversation on 17 February 2020 (link only works for you and @Moc).

@lonalore: The immediate solution is to enable PHP session file garbage collection in your php.ini file. These configuration options need to be greater than 0:

session.gc_maxlifetime – should match your intended session lifetime in minutes
session.gc_divisor – should more than 0 up to 100

Depending on your web server configuration, your web server may need to be restarted after changing php.ini.

In the future, I am planning on introducing a new session management model in e107. Specifically, I want to make it possible to store sessions in the MySQL database, which takes up only 1 to 3 inodes for all sessions, no matter how many.

lonalore commented 4 years ago

@Deltik thank you, I'll apply this setting soon for that website.

Yesterday I deleted the files but there are more than 3,000 again: Képernyőkép_2020-03-27_18-05-12

I support database storage for session data! Very good idea! :+1:

lonalore commented 4 years ago

Session garbage collector works great. Thank you!

Deltik commented 4 years ago

@Moc: Let's categorize this as room for improvement in documentation. Users need to know that session.gc_divisor in php.ini needs to be 1 or higher and that the e107 session lifetime cannot be more than session.gc_maxlifetime.

Moc commented 4 years ago

Yeah I added the enhancement label because I thought we'd link it to to the database storage for sessions. I'm closing this issue as with all documentation issues.

They are added to the project that keeps track of the documentation backlog (yet to start but well, at least we have it organized).

CaMer0n commented 4 years ago

Yes, and the database storage should be optional also. @Deltik @Moc For 2.3.0 I suggest we tweak the session handler as it is now, perhaps with some preferences, so that the above scenario can be avoided. Or, at the very least, check the PHP.ini values and provide alerts (on the PHPInfo page of admin for example)

lonalore commented 4 years ago

Btw, e.g Drupal enables garbage collection using ini_set(). Drupal 7 solution. Drupal 8 solution is the same, but it uses yml configuration file to store these settings.

I think a possible solution might be to add these settings to the session handler, e.g to the setDefaultSystemConfig() method.

Deltik commented 4 years ago

@CaMer0n and @lonalore: How do you like this?: https://github.com/e107inc/e107/pull/4132/files?w=1