ZF-4753: Zend_Session_Namespace::setExpirationSeconds does not expire data in files if session abandoned.
When using persistent cookies and multiple session namespaces, setExpirationSeconds does not expire data unless the session is resumed. Abandoned sessions will leave data in the sess_ files well beyond their expire time.
Requested fix is to modify the garbage collection handler to search through sessions and delete expired data.
- This bug may result in a security vulnerability where session data may be stored on the server for longer than acceptable intervals.