Comment 7 for bug 503396

As far as I remember, the session encryption bug was related to new version of php (in karmic?).

Another shot in the dark - is there different setting in MaxRequestsPerChild setting in apache2? Could you set it to some arbitrary number, so apache2 child gets reloaded once in a while? (I know it's not a solution, but it could help...)