[pmwiki-users] 90,000 Session Files

DaveG pmwiki at solidgone.com
Thu Mar 19 21:58:19 CDT 2009

In the past 4 weeks, I have accumulated over 90,000 session files, all 
PmWiki based.  Many are 0 bytes in size; others are small and contain 
info like:


(XXXXX above contained my password -- also not good.)

One of two things (possibly related) I suspect is happening.
* I'm getting hit by spammers trying (and failing) to get through the 
* I set garbage collection to a high value, so I don't have to keep 
logging in every 23 minutes (or whatever the default is). Spammers are 
attempting to login, and the failed attempts are creating session file, 
which basically never expire.

Here's what I have (had) in farmconfig.php:
   $EnableSessionPasswords = 1;
   ini_set('session.cookie_lifetime', 99999999);
   ini_set('session.gc_maxlifetime', 99999999);

I've temporarily reduced the values to a couple of days, to see if that 
at least reduces the history of files. Is there a way to prevent session 
files being created by spammers?

Or, is something else happening here?

  ~ ~ Dave

More information about the pmwiki-users mailing list