Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PHP configuration #26

Open
si-the-pie opened this issue Nov 16, 2020 · 4 comments
Open

PHP configuration #26

si-the-pie opened this issue Nov 16, 2020 · 4 comments
Labels
apache

Comments

@si-the-pie
Copy link
Member

Difficult directives

Despite being listed as PHP_INI_ALL the following directives are not effectively assigned to values applied from the Apache configuration:

Directive Changeable
session.gc_maxlifetime PHP_INI_ALL
session.cookie_lifetime PHP_INI_ALL
zend.assertions PHP_INI_ALL with restrictions

The assigned values are respected when included in the php.ini system, as has been tried for example in 9998f11.

The zend.assertions directive controls how PHP is compiled which might be why it has to be set in the php.ini system, and the qualification with restrictions is a hint to that.

phpinfo()

Despite looking at this many times over the last decade I have never gotten to the bottom of why the other two settings cannot be set reliably from the Apache configuration. E.g. when set in the either a virtualhost configuration or the one of the higher level conf-enabled files to 86400, phpinfo() lists them as:

Directive Local value Master value
session.cookie_lifetime 86400 1440
session.gc_maxlifetime 86400 1440

(1440 = 24 minutes, 86400 = 24 hours)

but the setting in force appears to be the master value as about 24 minutes later the site requests a login. (This wait also makes it a pain to test / debug.)

I think it might be something to do with the server wide nature of these settings - e.g. the garbage collection lifetime presumably applies to the whole of php as perhaps hinted at by the note attached to this documentation for the session.gc_maxlifetime directive.

Consequence

Until this matter can be resolved then changing these values from their defaults requires edits in the php.ini system files.
si-the-pie referenced this issue Nov 16, 2020
@si-the-pie
Install website: move sesssion lifetime settings to php.ini system
8426113 
These settings do not work if only in the apache configuration.
@mvl22
Copy link
Member

mvl22 commented Nov 16, 2020

Have these been tried in the script itself, rather than Apache? (Both ought to work of course.)

@si-the-pie
Copy link
Member Author

Have these been tried in the script itself, rather than Apache?

Yes, just now, (if I get what you mean by 'script`), but with the same negative outcome.

I tried removing the php.ini configuration and adding the following to meta.php:

		ini_set ('session.gc_maxlifetime', 2000);
		ini_set ('session.cookie_lifetime', 1600);
		ini_set ('zend.assertions', 0);

and phpinfo() via the workshop page shows:

Directive Local value Master value
session.cookie_lifetime 1600 0
session.gc_maxlifetime 2000 1440

and via another route: zend.assertions has value -1.

I also tried with those values as strings rather than int.

So, this is the same result as has been previously tried via the apache configuation.

@mvl22
Copy link
Member

mvl22 commented Nov 16, 2020

That correctly shows that the local value, i.e. the one actually used by the application, is in use. I can't see what the problem is.

(The master value is just for information, namely saying what the system value is, but it's rarely interesting.)

@si-the-pie
Copy link
Member Author

That correctly shows that the local value

Yes theoretically as I understand it, but in practice for these directives this local value is being ignored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
apache
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mvl22 @si-the-pie