Thanks, I'd tried passing a negative value to the time limit as a last act of desperation before posting that, but it didn't seem to help, though I suspect -1 wasn't adequate for the task.

And don't worry, I'm already convinced to use the DB_File approach. I'd really rather not introduce a dependency on something like MySQL, but DB_File shouldn't be a problem. The only reason I asked about the lock files is that Apache::Session::DB_File also takes a LockDirectory value in the same way ::File does, so I anticipated I'd have the same problem. Next time I'll try it before posting, though.

-J.