I just bumped into a rather omnious notice from PHP, about
session_start() not being able to complete.
Notice: session_start() [function.session-start]: ps_files_cleanup_dir: opendir(/var/lib/php5) failed: Permission denied (13) in ../vendor/symfony/src/Symfony/Component/HttpFoundation/SessionStorage/NativeSessionStorage.php line 83
After digging around some it turned out this is PHP trying to purge session data files from the file system (
/var/lib/php5 in Ubuntu) without having the access to find what files to delete.
Fixing the problem
You could change the group owner of the directory to
www-data and give the group read access with
chmod g+r. On Ubuntu there is already a fix in place however, in
/etc/cron.d/php5. This cronjob clears out old sessions so PHP does not have to bother.
So if you are on Ubuntu this misconfiguration is easily remedied by disabling
session.gc_probability in your
session.gc_probability = 0
PHP probability configuration
There are a couple of parameters in play here. First there is
session.save_handler which decides how to save session data. It defaults to files but can also be used to offload the filesystem using memcached.
Second there is
session.save_path. When saving data to files this controls what directory to write to.
For the actual garbage collection we have
session.gc_probability (defaults to 1),
session.gc_divisor (defaults to 100) and
session.gc_maxtime (defaults to 1440). The first two decides the probability for garbage collection to happen automatically on
session_start(), using a
gc_divisor chance of proccing.
When garbage collection happens it removes all data older than
gc_maxlife seconds. This means PHP per default has a 1% chance of remove all sessions older than 24 minutes. An interesting feature but I would rather not add on to the page load times any more than absolutely necessary.