garbage collection on session files

sfullman

Hi there,

In my version of php on my server, 4.2.2, I have some applications that require login. Everything works great, but apparently, just being inactive for more than say 20 minutes is not enough to "garbage collect" the session file.

I assume that every page that calls session_start() explicitly or implicitly will cause the session file timestamp in /tmp to update. How can I make sure that session files over, say, 30 minutes old are deleted?

Thanks,
Sam Fullman

Norman_Graham

Hi Sfullman

One of these might help:

http://de2.php.net/manual/en/function.session-destroy.php

http://de2.php.net/manual/en/function.session-unregister.php

http://de2.php.net/manual/en/function.session-unset.php

HTH

Norm

sfullman

I have used those functions before, but these won't help in this case.

the destruction of the session needs to happen automatically, not by script, and my problem is that I can log in, go out and see a movie, and come back later and still be logged in.

i.e. THE SESSION FILE IN /TMP HAS NOT BEEN REMOVED IN THE PROPER INTERVAL!!

If I had hundreds of users simultaneously, the session files would get unmanageable, although the bigger issues is that I want to time out inactive logins for security.

Thanks,
Sam