Bug Tracking System

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001142PacketFencecaptive portalpublic2010-12-20 10:492013-07-31 17:15
Assigned To 
PlatformOSOS Version
Product Version2.0.0 
Target VersioninvestigateFixed in Version 
Summary0001142: CGISessions are not expiring properly
DescriptionWe see on high usage setups that CGISessions are not expiring properly. This cause a problem in the /tmp folder, and can affect the time MySQL takes to restart. Problem has been detected at least on version 1.8.7, 1.9.0, 1.9.1, and 2.0.0, and may impact older versions.

- Maybe we need to properly set a lower expiration time when we create the session.
- Maybe we can clear the session after a user registers.

An easy fix to workaround this problem, run a cron to wipe the sessions older than 30min :
find /tmp -name "cgisess_*" -mmin +30 -exec rm -f {} \;
TagsNo tags attached.
fixed in git revision
fixed in mtn revision
Attached Files

- Relationships

-  Notes
fgaudreault (viewer)
2012-07-19 10:21
edited on: 2012-07-19 10:29

We should consider putting a $session->expire($time) somewhere. (redir.cgi?)

We also need to call

at the end of the process, somewhere in generate_release_page I guess...

fgaudreault (viewer)
2012-07-25 09:54

Commited the delete/flush part for (generate_release_page).

However, we will need to see how we can fix the session handling in the CGI files. The current way is just not working.
fgaudreault (viewer)
2012-09-24 14:53

Bumping this to urgent. Some clients had issues recently with this. We should get rid of the cron and fix the problem once and for all.
sinusoidal (reporter)
2013-07-26 06:48

Just had this rear its ugly head. Will put in the cron workaround. Can I confirm with someone - the cron to remove the sessions after 30 mins - once registered we have a session time out of 3 days. Do I need to change that 30 min value to avoid kicking people off the system after 30 mins? Not sure what the 30 mins relates to. Is this fixed in 4?
fdurand (administrator)
2013-07-31 17:15

Yes it has been fixed in packetfence 4 since we use memcached to store cgi session.

- Issue History
Date Modified Username Field Change
2010-12-20 10:49 fgaudreault New Issue
2011-01-26 15:30 obilodeau Target Version 2.0.1 => 2.0.2
2011-01-31 16:21 fgaudreault Status new => assigned
2011-01-31 16:21 fgaudreault Assigned To => fgaudreault
2011-02-01 16:18 fgaudreault Assigned To fgaudreault =>
2011-03-03 15:19 obilodeau Target Version 2.0.2 => +1
2012-07-15 21:25 fgaudreault Priority normal => high
2012-07-19 10:21 fgaudreault Note Added: 0002844
2012-07-19 10:29 fgaudreault Note Edited: 0002844
2012-07-25 09:54 fgaudreault Note Added: 0002850
2012-09-24 14:53 fgaudreault Priority high => urgent
2012-09-24 14:53 fgaudreault Note Added: 0003089
2012-10-19 13:44 fgaudreault Target Version general => investigate
2013-07-26 06:48 sinusoidal Note Added: 0003345
2013-07-31 17:15 fdurand Note Added: 0003352

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker