Force session.gc_probability=1 when using custom session handlers (#6560)

CHANGELOG

@@ -11,6 +11,7 @@ CHANGELOG Roundcube Webmail
 - deluser.sh: Add option to delete users who have not logged in for more than X days (#6340)
 - Update to TinyMCE 4.8.2
 - Prevent from using deprecated timezone names from jsTimezoneDetect
+- Force session.gc_probability=1 when using custom session handlers (#6560)
 - Plugin API: Added 'raise_error' hook (#6199)
 - Plugin API: Added 'common_headers' hook (#6385)
 - Plugin API: Added 'ldap_connected' hook

program/lib/Roundcube/rcube.php

@@ -457,6 +457,7 @@ class rcube
             return;
         }
 
+        $storage     = $this->config->get('session_storage', 'db');
         $sess_name   = $this->config->get('session_name');
         $sess_domain = $this->config->get('session_domain');
         $sess_path   = $this->config->get('session_path');
@@ -484,6 +485,12 @@ class rcube
         ini_set('session.use_only_cookies', 1);
         ini_set('session.cookie_httponly', 1);
 
+        // Make sure session garbage collector is enabled when using custom handlers (#6560)
+        // Note: Use session.gc_divisor to control accuracy
+        if ($storage != 'php' && !ini_get('session.gc_probability')) {
+            ini_set('session.gc_probability', 1);
+        }
+
         // get session driver instance
         $this->session = rcube_session::factory($this->config);
         $this->session->register_gc_handler(array($this, 'gc'));