Merge pull request #4132 from Deltik/fix-4113

Enable PHP session file garbage collection
2025-08-03 21:27:25 +02:00 · 2020-04-18 12:25:52 -07:00
parent 5b34bc9bf1 5d982561c3
commit 23e62915db
1 changed files with 61 additions and 44 deletions
--- a/e107_handlers/session_handler.php
+++ b/e107_handlers/session_handler.php
@@ -194,8 +194,8 @@ class e_session
 	 */
 	public function setDefaultSystemConfig()
 	{
-		if(!$this->getSessionId())
-		{
+        if ($this->getSessionId()) return $this;
+
        $config = array(
            'ValidateRemoteAddr' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED),
            'ValidateHttpVia' => (e_SECURITY_LEVEL >= self::SECURITY_LEVEL_HIGH),
@@ -208,7 +208,7 @@ class e_session
            'httponly' => true,
        );

-			if(!defined('E107_INSTALL'))
+        if (!defined('E107_INSTALL'))
        {
            $systemSaveMethod = ini_get('session.save_handler');

@@ -218,37 +218,54 @@ class e_session

            $config['SavePath'] = e107::getPref('session_save_path', false); // FIXME - new pref
            $config['SaveMethod'] = e107::getPref('session_save_method', $saveMethod); // FIXME - new pref
-				$options['lifetime'] = (integer) e107::getPref('session_lifetime', 86400); //
+            $options['lifetime'] = (integer)e107::getPref('session_lifetime', 86400); //
            $options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref
            $options['secure'] = e107::getPref('ssl_enabled', false); //

-				if(!empty($options['secure']))
+            if (!empty($options['secure']))
            {
                ini_set('session.cookie_secure', 1);
            }
        }

-			if(defined('SESSION_SAVE_PATH')) // safer than a pref.
+        if (defined('SESSION_SAVE_PATH')) // safer than a pref.
        {
-				$config['SavePath'] = e_BASE. SESSION_SAVE_PATH;
+            $config['SavePath'] = e_BASE . SESSION_SAVE_PATH;
        }

        $hashes = hash_algos();

-			if((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512',$hashes))
+        if ((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512', $hashes))
        {
            ini_set('session.hash_function', 'sha512');
            ini_set('session.hash_bits_per_character', 5);
        }

+        $this->fixSessionFileGarbageCollection();

        $this->setConfig($config)
            ->setOptions($options);
-		}

        return $this;
 	}

+    /**
+     * Modify PHP ini at runtime to enable session file garbage collection
+     *
+     * Takes no action if the garbage collector is already enabled.
+     *
+     * @see https://github.com/e107inc/e107/issues/4113
+     * @return void
+     */
+	private function fixSessionFileGarbageCollection()
+    {
+        $gc_probability = ini_get('session.gc_probability');
+        if ($gc_probability > 0) return;
+
+        ini_set('session.gc_probability', 1);
+        ini_set('session.gc_divisor', 100);
+    }
+	
 	/**
 	 * Retrieve value from current session namespace
 	 * Equals to $_SESSION[NAMESPACE][$key]