Persistent Sessions ?

Stinger51

I recently upgraded to PHP 4.3 on both my laptop and desktop. The desktop works fine, but not the laptop.

I have a session variable on the laptop that keeps hanging around! Even after I close the the application, when I go back in, there it be again! Huh? 😕

Is there something in the PHP.ini file that permits this, or what?

Sounds crazy, I know.

Also, I'm saving the session to a folder called "php_temp". If I delete the session file, the problem goes away. Sounds like a Windows or PHP garbage collection problem?

Stinger51

; NOTE: If you are using the subdirectory option for storing session files
; (see session.save_path above), then garbage collection does not
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
; cd /path/to/sessions; find -cmin +24 | xargs rm

Windoze users have no choice but to use this subdirectory option. And if I read this correctly, PHP 4.3 no longer destroys the current user session when the user exits the app? 😕

yelvington

I think you're misinterpreting something that is explained in the docs. The reference is to an optional argument that forces PHP to spread out the session files into multiple directories. There can be performance reasons for doing this, but it breaks the automatic garbage collection. Almost no one ever does it, and it should have nothing to do with pointing the session handler at one specific directory.

If your ini file says

session.save_path = c:\php_tmp

... you should be OK. If it says

session.save_path = '5;c:\php_tmp'

... you will not be OK.

See http://us3.php.net/manual/en/ref.session.php

The actual garbage collection process (which will not happen until you get a significant number of hits on your server, as the "firing button" is triggered randomly) should not really be your issue. It is more likely that the problem is with the session cookie, which is the key that lets the browser gain access to the old session data.

Where you do need to look closely is at the value of session.cookie_lifetime. It should be set to 0, which causes PHP to set a cookie that is valid only until the browser closes. Any other value will be the number of seconds for the cookie to remain active.