From 32a0ad6778cde495e30f3447e5220136f0528cee Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sat, 29 Dec 2018 10:05:01 +0100 Subject: [PATCH] Force session.gc_probability=1 when using custom session handlers (#6560) --- CHANGELOG | 1 + program/lib/Roundcube/rcube.php | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 5f870e4f1..d47428407 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -11,6 +11,7 @@ CHANGELOG Roundcube Webmail - deluser.sh: Add option to delete users who have not logged in for more than X days (#6340) - Update to TinyMCE 4.8.2 - Prevent from using deprecated timezone names from jsTimezoneDetect +- Force session.gc_probability=1 when using custom session handlers (#6560) - Plugin API: Added 'raise_error' hook (#6199) - Plugin API: Added 'common_headers' hook (#6385) - Plugin API: Added 'ldap_connected' hook diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index 10116df25..2f77ea05d 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -457,6 +457,7 @@ class rcube return; } + $storage = $this->config->get('session_storage', 'db'); $sess_name = $this->config->get('session_name'); $sess_domain = $this->config->get('session_domain'); $sess_path = $this->config->get('session_path'); @@ -484,6 +485,12 @@ class rcube ini_set('session.use_only_cookies', 1); ini_set('session.cookie_httponly', 1); + // Make sure session garbage collector is enabled when using custom handlers (#6560) + // Note: Use session.gc_divisor to control accuracy + if ($storage != 'php' && !ini_get('session.gc_probability')) { + ini_set('session.gc_probability', 1); + } + // get session driver instance $this->session = rcube_session::factory($this->config); $this->session->register_gc_handler(array($this, 'gc'));