New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Huge amount of tracy sessions files "tracy-*" #538
Comments
Few ideas... Proposed Why do you enable Tracy (development mode) for heartbeat checks? If you perform heartbeat, you usually want to know that app is OK in a production mode. And in the production mode, Tracy does not start sessions. Using common Or maybe - you can set ACL for |
DISCLAIMER : I'm aware of this ticket about setting up a custom sessionfile but my suggestion is quite different.
I think it's more a feature than a bug, but I didn't fully understand how Tracy worked before running into this problem. And it's very problematic for the deployments of my app .... Since Tracy needs, implicitly very specific privileges.
Brace yourself, we'll talk about sessions here.
Here's the idea :
1 - the acces rights of the session folder
In the folder
/var/lib/php/sessions
where tracy stores its sessions filesHere find an
ls -la
of its content, for you to get my problem.root@my-docker:/var/www/html# ls -la /var/lib/php/sessions total 28 drwx-wx-wt 1 root root 4096 Mar 24 13:01 . drwxr-xr-x 1 root root 4096 Jun 2 2021 .. -rw------- 1 www-data www-data 83 Mar 24 11:07 sess_l9q9be5pija67e0criirm548ut -rw-r--r-- 1 www-data www-data 6 Mar 24 11:10 tracy-aef1133a02 -rw-r--r-- 1 www-data www-data 41 Mar 24 11:07 tracy-afea481a37 -rw-r--r-- 1 www-data www-data 23 Mar 24 13:01 tracy-c2f9802a62 -rw-r--r-- 1 www-data www-data 23 Mar 24 13:01 tracy-ddce050766
My app is connected as
www-data
.2 - the FileSession.php class
I understood that this class handle the session file. Moreover the
clean()
function allows Tracy to delete its sessions files. OK3 - The problem with my environment
On the example above I listed only 4 "tracy-" sessions files but after few hours (since I check the 'heartbeat' of my test servers by calling the index) I can end up with thousands of useless tracy files.
The incriminated line is here officer :
tracy/src/Tracy/Session/FileSession.php
Line 84 in e4dd63c
The problem with the function
glob
is that you need to have access rights on the foldersessions
as it needs to list all files in the folder. But you can see up there with myls -la
that my folder has very limited rights. (i.e. I can't list the files in the folder but I can delete them if I know the precise filenames.)4 - Possible improvement
Usually a normal development environment never connects as root, so it may be problematic for devs like me.
I don't have the rights to list all files but I can delete/modify files as long as I know their names.
Here's the idea : add an attribute to
FileSession
typedstring[]
to list all the session files created to unlink all the name listed in this variable, instead of usingglob
.This feature would be consistent with the way
session_destroy()
works.Php lists all the created file like a
zval
then deletes them by listing all the registered names instead of listing all the session file names from the folder.The text was updated successfully, but these errors were encountered: