On 2/5/08, ISP Lists <isp@xxxxxxxxxx> wrote:
> > On 2/4/08, ISP Lists <isp@xxxxxxxxxx> wrote:
> >> System: LAMP.
> >> Mysql 5.0.38-Ubuntu_0ubuntu1.2-log Ubuntu 7.04 distribution
> >> php PHP 5.2.1 (cli) (built: Nov 28 2007 23:14:55)
> >> apache2 Server version: Apache/2.2.3
> >> Server built: Aug 16 2007 22:49:04
> >> Architecture: 32-bit
> >> squirrelmail-1.4.13
> >> courier imap 4.1.3
> >> courier authlib 0.59.3
> >> vpopmail 5.4.17
> >>
> >> This is a new system and users have been migrated. All functionality
> >> working, squirrel seems quite happy.
> >>
> >> HOWEVER, big difference from prior system and this is that cookie
> >> expiration seems much more aggressive, even though I'm leaving browser
> >> sessions (Firefox tabs) open with folder list refresh set at 2 minutes.
> >>
> >> I used to be able to leave the folders refreshing overnight and the
> >> sessions would be valid in the morning with a list of new messages handy
> >> (please, no lectures on the wisdom of doing this...). Now, with the new
> >> build, the cookies appear to be expiring more aggressively and sessions
> >> time out even under frequent refresh.
> >>
> >> Soooooo..... what controls squirrel's cookie
> >> timeout/duration/expiration?
> >
> > PHP cleans up unused sessions after session.gc_maxlifetime seconds
> > (see your php.ini). SM tells the browser the the "key" cookie should
> > expire when the user session is finito (browser closes, computer
> > crashes, fire burns down house).
> >
> >> I've parsed global.php and other source files and cannot find a
> >> time/expiration value set by squirrelmail.
> >
> > grep -rin setcookie src/ functions/ | grep -v \.svn
> >
> >> The php.ini is using "session.cookie_lifetime = 0" (same as prior
> >> system,
> >> old system was php4.x)
> >
> > You also need to look at your session lifetime (see above).
> >
> >> Why the difference? What to do/check???
> >> (some of this might be attributed to being on dynamic IP for DSL, but
> >> I'm
> >> certain that there's something different between the old and new
> >> system.)
> >>
> >
> Bottom posting... sorry, too much new code...:
>
> I compared the grep output and it seems that there is an important
> difference in the calls to setcookie between my systems within the default
> code of squirrelmail.
>
> First, both php.ini use "session.gc_maxlifetime = 1440", so there's no
> difference there, but thanks for the steer on that!
>
> OLD squirrelmail 1.4.10a install (unedited)
> "grep -rin setcookie src/ functions/ | grep -v \.svn"
> src/redirect.php:64:setcookie('squirrelmail_language',
> $squirrelmail_language, time()+2592000,
> src/redirect.php:99: setcookie('key', $key, 0, $base_uri);
> src/webmail.php:74: setcookie('squirrelmail_language', $my_language,
> time()+2592000, $base_uri);
> functions/global.php:366: *
> http://www.php.net/manual/en/function.setcookie.php
> functions/global.php:377: if (isset($_COOKIE[session_name()]))
> setcookie(session_name(), '', 0, $base_uri);
> functions/global.php:378: if (isset($_COOKIE['username']))
> setcookie('username', '', 0, $base_uri);
> functions/global.php:379: if (isset($_COOKIE['key'])) setcookie('key',
> '', 0, $base_uri);
>
>
> NEW squirrelmail 1.4.13 install (unedited)
> "grep -rin setcookie src/ functions/ | grep -v \.svn"
> src/redirect.php:62:setcookie('squirrelmail_language',
> $squirrelmail_language, time()+2592000,
> src/redirect.php:97: setcookie('key', $key, 0, $base_uri);
> src/webmail.php:70: setcookie('squirrelmail_language', $my_language,
> time()+2592000, $base_uri);
> functions/global.php:338: *
> http://www.php.net/manual/en/function.setcookie.php
> functions/global.php:349: if (isset($_COOKIE[session_name()]))
> setcookie(session_name(), $_COOKIE[session_name()], 1, $base_uri);
> functions/global.php:350: if (isset($_COOKIE['key'])) setcookie('key',
> 'SQMTRASH', 1, $base_uri);
>
>
> The DIFFERENCE I see is that the two calls in new global.php use is the
> third parameter of "1" which is seconds to expire the cookie?!
Considering those lines are in the function sqsession_destroy(), I'd hope so.
> This is
> versus "0" in the prior version setting the cookie to expire on browser
> close.
>
> Curious on your thoughts how a value of "1" can function correctly?
> Nobody seems to be up in arms so probably not a big deal...
>
> Just for snicks I checked my crontabs (and crontab includes)...
> AHA! Found that Ubuntu 7.04 ships with /etc/cron.d/php5 which reads:
>
> # /etc/cron.d/php5: crontab fragment for php5
> # This purges session files older than X, where X is defined in seconds
> # as the largest value of session.gc_maxlifetime from all your php.ini
> # files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime
>
> # Look for and purge old sessions every 30 minutes
> 09,39 * * * * root [ -d /var/lib/php5 ] && find /var/lib/php5/
> -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0
> | xargs -r -0 rm
>
> my output value for /usr/lib/php5/maxlifetime is "24"
>
> Hmmmm, that's not consistent with my sessions lasting most of the day
> while I'm using squirrelmail, but expiring overnight, even with a fresh
> login.
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
