PacketFence - BTS - PacketFence
View Issue Details
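ID: 0001142
Project: PacketFence
Category: captive portal
View Status: public
Date Submitted: 2010-12-20 10:49
Last Update: 2013-07-31 17:15
Reporter: fgaudreault
Assigned To:
Priority: urgent
Severity: major
Reproducibility: always
Status: assigned
Resolution: open
Product Version: 2.0.0
Target Version: investigate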
0001142: CGISessions are not expiring properly
We see on high-usage setups that CGISessions are not expiring properly. This causes a problem in the /tmp folder, and can affect the time MySQL takes to restart. The problem has been detected at least on versions 1.8.7, 1.9.0, 1.9.1, and 2.0.0, and may impact older versions.

- Maybe we need to properly set a lower expiration time when we create the session.
- Maybe we can clear the session after a user registers.

An easy fix to work around this problem: run a cron to wipe the sessions older than 30 min:
find /tmp -name "cgisess_*" -mmin +30 -exec rm -f {} \;
No tags attached.
Issue History
Date Modified | Username | Field | Change
2010-12-20 10:49 | fgaudreault | New Issue |
2011-01-26 15:30 | obilodeau | Target Version | 2.0.1 => 2.0.2
2011-01-31 16:21 | fgaudreault | Status | new => assigned
2011-01-31 16:21 | fgaudreault | Assigned To | => fgaudreault
2011-02-01 16:18 | fgaudreault | Assigned To | fgaudreault =>
2011-03-03 15:19 | obilodeau | Target Version | 2.0.2 => +1
2012-07-15 21:25 | fgaudreault | Priority | normal => high
2012-07-19 10:21 | fgaudreault | Note Added: 0002844 |
2012-07-19 10:29 | fgaudreault | Note Edited: 0002844 |
2012-07-25 09:54 | fgaudreault | Note Added: 0002850 |
2012-09-24 14:53 | fgaudreault | Priority | high => urgent
2012-09-24 14:53 | fgaudreault | Note Added: 0003089 |
2012-10-19 13:44 | fgaudreault | Target Version | general => investigate
2013-07-26 06:48 | sinusoidal | Note Added: 0003345 |
2013-07-31 17:15 | fdurand | Note Added: 0003352 |

Notes
(0002844) fgaudreault, 2012-07-19 10:21 (edited on: 2012-07-19 10:29)
We should consider putting a $session->expire($time) somewhere. (redir.cgi?)

We also need to call
$session->delete()
$session->flush()

at the end of the process, somewhere in generate_release_page I guess...

(0002850) fgaudreault, 2012-07-25 09:54
Committed the delete/flush part for web.pm (generate_release_page).

However, we will need to see how we can fix the session handling in the CGI files. The current way is just not working.

(0003089) fgaudreault, 2012-09-24 14:53
Bumping this to urgent. Some clients had issues recently with this. We should get rid of the cron and fix the problem once and for all.

(0003345) sinusoidal, 2013-07-26 06:48
Just had this rear its ugly head. Will put in the cron workaround. Can I confirm with someone - the cron to remove the sessions after 30 mins - once registered we have a session time out of 3 days. Do I need to change that 30 min value to avoid kicking people off the system after 30 mins? Not sure what the 30 mins relates to. Is this fixed in 4?

(0003352) fdurand, 2013-07-31 17:15
Yes, it has been fixed in PacketFence 4, since we use memcached to store CGI sessions.
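
A stricter form of the cron workaround from the issue description, as an added example that is not PacketFence code: purge_stale_sessions is a hypothetical helper name, and the directory and age are supplied by the caller. It limits the match to regular files directly inside the session directory, since in a shared /tmp anything can be created under a cgisess_ name, and find's -mmin compares against each file's last-modification time.

```shell
#!/bin/sh
# Added example, not PacketFence code. purge_stale_sessions is a hypothetical
# helper: purge_stale_sessions DIR MAX_AGE_MINUTES [--dry-run]
# Prints how many session files matched; removes them unless --dry-run is given.
purge_stale_sessions() {
    dir=$1
    max_age=$2
    mode=${3:-}

    # Reject bad arguments outright so a crontab typo cannot widen the match.
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    case $max_age in
        ''|*[!0-9]*|0) echo "bad age in minutes: $max_age" >&2; return 2 ;;
    esac
    case $mode in
        ''|--dry-run) ;;
        *) echo "unknown option: $mode" >&2; return 2 ;;
    esac

    # -maxdepth 1 : only entries directly inside DIR, no descent
    # -type f     : regular files only, so a symlink or directory created
    #               under a cgisess_ name in a shared /tmp is left alone
    # -mmin +N    : last modified more than N minutes ago
    set -- "$dir" -maxdepth 1 -type f -name 'cgisess_*' -mmin "+$max_age"

    # One dot per match, counted with wc, so odd file names cannot skew it.
    if [ "$mode" = "--dry-run" ]; then
        find "$@" -exec printf . \; | wc -c | tr -d ' '
    else
        find "$@" -delete -exec printf . \; | wc -c | tr -d ' '
    fi
}
```

Run it with --dry-run first to see how many files a given age would remove before scheduling it from cron.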