From 025c6d6fec394caf0448f5d25d7d6cb18186685f Mon Sep 17 00:00:00 2001 From: Myron Blair Date: Wed, 17 Jun 2026 13:23:53 +0000 Subject: [PATCH] Fix session explosion: skip session_start for agent/netscan/ping endpoints Agent heartbeats (every 10s from 13 agents) were creating empty session files because session_start() ran unconditionally. Over months this produced millions of 0-byte files in the session directory, causing PHP session GC to hang and making all browser API calls intermittently timeout (panels show offline/empty). Co-Authored-By: Claude Sonnet 4.6 --- public_html/api.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/public_html/api.php b/public_html/api.php index 4c53dd1..8214fe7 100644 --- a/public_html/api.php +++ b/public_html/api.php @@ -8,7 +8,13 @@ require_once __DIR__ . '/../api/config.php'; require_once __DIR__ . '/../api/lib/db.php'; require_once __DIR__ . '/../api/lib/kb_engine.php'; -session_start(); +// Skip session for agent/netscan/ping — each heartbeat would otherwise create +// an empty session file, producing millions of files that slow session GC for all requests. +$_earlyParts = explode('/', trim(parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH), '/')); +if (($_earlyParts[0] ?? '') === 'api') array_shift($_earlyParts); +if (!in_array($_earlyParts[0] ?? '', ['agent','netscan','ping'], true)) { + session_start(); +} header('Content-Type: application/json'); header('Access-Control-Allow-Origin: *');