-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Session handling: api and webdav requests shall not start a session #7628
Comments
shouldn't this behaviour considered as a bug because the system get's full of a ton of session files? 😄 |
Is there any progress on this issue? |
I really don't want to bother someone, but "stale" on this issue? really? |
on papercut label, but not fixed since 2 years. very annoying bug. |
I think "papercut" is not appropriate ;) It's probably only moving two lines of code around but a lot of code is build with the assumption that a session is available. I would not touch it without a good reason. If username + password used for the calendar application than using app passwords could reduce the number of created sessions.
Please make sure that your session.save_path is purged from time to time. Above is from a debian system. By default the sessions path is checked for old files every 30 minutes. I agree to the issue itself but your figures seems to be a configuration problem. Fair enough it's not possible to use app passwords everywhere but cleaning the sessions path is. |
I'm using a lot of calendar apps with webdav connection (macOS Calendar / Contacts are using this connection type for example). Everytime webdav connection is established a session file is generated. Should not be when using webdav or oauth2 connections. Purging files is just a workaroung but I'll try using that. |
I get that. Please make sure to setup calendar / contacts like described here:
It's anything but not a workaround. There is a good reason that this is enabled by default (at least for debian/ubuntu). |
Hi there, this link is dead. |
Is this Issue still valid in NC21.0.2? If not, please close this issue. Thanks! :) |
Still valid. Using "app passwords" or "configure cron properly" doesnt solve this. Nobody cares. Really annoying. |
how did you configure cron? |
Thanks! please post your config.php file for further debugging |
Did it like nooblag said. Running cron.php all 5 mins. |
Hi there, thanks. Our config was posted in this issue #23094 which was closed... :( |
Could you please post your current config of your NC21.0.2 instance nonetheless again? Thanks! |
To reference as similar/related issue: #11125
|
So the probably also the same answer:
|
|
Whats going on with the PR: |
I would test that with DAVx for Android and the MacOS Calendar apps, because they actually cause a few thousand session files a week. Is there a build to test anywhere uploaded after merging #28311 @juliushaertl ? |
Help with testing this would be very much appreciated. There should be daily builds at https://download.nextcloud.com/server/daily/ Otherwise you could also apply the pull request as a patch as described in https://docs.nextcloud.com/server/latest/admin_manual/issues/applying_patch.html#getting-a-patch-from-a-github-pull-request |
If it's in todays daily build, I'll test it tomorrow. |
Steps to reproduce
Expected behaviour
For WebDav connections there should be no session file generated.
Actual behaviour
for every webdav connection there is a session file
For the rest, take a look at:
owncloud/core#29779
and the old one:
owncloud/core#5383
and last but not least, be faster as the oc-team. nah just kidding, merry christmas and a happy new year :-)
The text was updated successfully, but these errors were encountered: