Admin-timeouts
Version 1 (Paul Holland, 03/29/2012 07:44 pm)
| 1 | 1 | Paul Holland | h1. Session Timeouts |
|---|---|---|---|
| 2 | 1 | Paul Holland | |
| 3 | 1 | Paul Holland | There are three common, different mechanisms that enforce session timeouts. |
| 4 | 1 | Paul Holland | |
| 5 | 1 | Paul Holland | # The fossology timeout. |
| 6 | 1 | Paul Holland | # PHP session timeout - cron |
| 7 | 1 | Paul Holland | # PHP session timeout - garbage collector |
| 8 | 1 | Paul Holland | |
| 9 | 1 | Paul Holland | h2. Fossology |
| 10 | 1 | Paul Holland | |
| 11 | 1 | Paul Holland | This is a very long timeout (8 hours in fossology v1.3). It is set in ui/plugins/core-auth.php. You don't need to change this unless you want to extend the timeout period to over 8 hours. This is a fallback in case you have disabled the next two mechanisms. |
| 12 | 1 | Paul Holland | |
| 13 | 1 | Paul Holland | h2. PHP cron |
| 14 | 1 | Paul Holland | |
| 15 | 1 | Paul Holland | PHP installs a cron job set to run every 30 minutes. This removes sessions (and therefor your fossology login) that haven't been used for 24 minutes. |
| 16 | 1 | Paul Holland | |
| 17 | 1 | Paul Holland | In the following explanation, I'm using file paths from my debian system. Your OS may put them somewhere else. |
| 18 | 1 | Paul Holland | |
| 19 | 1 | Paul Holland | In /etc/cron.d/php5 you will find a this command: |
| 20 | 1 | Paul Holland | |
| 21 | 1 | Paul Holland | <pre> |
| 22 | 1 | Paul Holland | # Look for and purge old sessions every 30 minutes |
| 23 | 1 | Paul Holland | 09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] |
| 24 | 1 | Paul Holland | && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm |
| 25 | 1 | Paul Holland | </pre> |
| 26 | 1 | Paul Holland | |
| 27 | 1 | Paul Holland | Change it to run at an interval that you want in your environment. Here I've commented out the default command and changed it to only run at 7 am. |
| 28 | 1 | Paul Holland | <pre> |
| 29 | 1 | Paul Holland | # purge only at 7 am |
| 30 | 1 | Paul Holland | * 7 * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] |
| 31 | 1 | Paul Holland | && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm |
| 32 | 1 | Paul Holland | |
| 33 | 1 | Paul Holland | # Look for and purge old sessions every 30 minutes |
| 34 | 1 | Paul Holland | #09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] |
| 35 | 1 | Paul Holland | && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm |
| 36 | 1 | Paul Holland | </pre> |
| 37 | 1 | Paul Holland | |
| 38 | 1 | Paul Holland | h2. php configuration file |
| 39 | 1 | Paul Holland | |
| 40 | 1 | Paul Holland | This is found on my debian system at: /etc/php5/apache2/php.ini |
| 41 | 1 | Paul Holland | |
| 42 | 1 | Paul Holland | If you looked closely you probably noticed in the cron command that there isn't a mention about the 24 minutes maximum session age. That's because it is buried in the maxlifetime file, which gets its information from the php config file, php.ini. So in php.ini set these variables: |
| 43 | 1 | Paul Holland | |
| 44 | 1 | Paul Holland | <pre> |
| 45 | 1 | Paul Holland | session.gc_probability = 1 |
| 46 | 1 | Paul Holland | session.gc_divisor = 1000 |
| 47 | 1 | Paul Holland | session.gc_maxlifetime = 28800 |
| 48 | 1 | Paul Holland | </pre> |
| 49 | 1 | Paul Holland | |
| 50 | 1 | Paul Holland | What those mean is that the php garbage collector will run only every 1/1000 times that php is invoked. And when it runs it will delete sessions that haven't been used in 28800 seconds (8 hrs) or more. The default gc_maxlifetime is 1440 seconds (24 minutes). Now that you know what they do, you can set them to what works best in your environment. |
| 51 | 1 | Paul Holland | |
| 52 | 1 | Paul Holland | Don't forget to reload or restart apache after changing php.ini. |