Dienstag, 24. April 2012

PHP Garbage Collector and Debian/Ubuntu

I recently stummbled upon a error message in the apache error log that looked like this:

[...] PHP Notice: session_start(): ps_files_cleanup_dir: opendir(/var/lib/php5) failed: Permission denied (13) in [...]

As I wasn't aware what that meant, I researched a bit, finding a php bug issue as well as a ubuntu bug issue. In summary, while php tries to clean up old sessions, debian and ubuntu servers permit the www-data user to do this in the session folder resulting in the error message stated above. The funny thing is that debian/ubuntu have a cronjob which cleans up the sessions, so everything works fine and if you don't look into your apache error log, you don't even notice what's going on.

So, what I did was to set the session.gc_probability in the php.ini to 0 so the garbage collector never tries to do a cleanup. As both the php guys and the debian guys are not willing to discuss this issue and come up with a default way to do this (either lowering permissions on the /var/lib/php5 or using the cronjob as default), I think this is a good way. As said, this should have no impact on your applications.

1 Kommentar:

  1. I'm hitting on this error frequently in my dev environement with notices turned on. Yes, it can be avoided by setting the garbage collection probability to 0 and let cron do the clean up job instead of PHP which has not the proper file permissions to clean the default session save path /var/lib/php5.

    But what's awkward is if you want to allow sessions to live longer than session.gc_maxlifetime for a specific application. Ubuntu has a script to determine the maximum session.gc_maxlifetime at /usr/Lib/php5/maxlifetime considering all php.ini files in /etc/php5 but of course not vHost or script specific settings of session.gc_maxlifetime. So I think you have to raise session.gc_maxlifetime for the whole server. We have a lot of users complaining about lost form data because they are going to lunch or answer a phone call during filling a complex form and when they submit they become logged out.

    Btw: It's interesting that you can set sessoin.gc_probability to 0 as it is used as dividend to determine the garbage collection probablity in session.gc_probability/session.gc_divisor