deleting the temp session files.

Anon

Does anyone know if the temp session files that php4 creates ever get deleted by php or is it something that I need to do myself?

I have heard of people using a session_destroy() function but if a user leaves the site suddenly how can the session be destroyed?

I'm starting to accumulate a rather large directory of session files from my offline testing and I'm just wondering if this would ever affect the sites performance.

rgds,
scott d~

Anon

Don't worry about it. PHP will delete them when it gets around to running its garbage collection routine.

Anon

Hi!

If you´re using Win32 this IS a bug in the current implementation of PHP.

See bug id 5231 for details:
http://bugs.php.net/bugs.php?id=5231

Regards
Sascha Kimmel

Anon

I have noticed rather of lot of /tmp/sess files too. I was under the impression that session_unregister and session_destroy would clear down the sess file..

I -did- read somewhere though that the problem /may/ be due to a file handle (files) still being left open - can't remember where I saw this, so don't quote me!

Anon

Hi!

Another new PHP Bug report:
http://bugs.php.net/bugs.php?id=7235

[2000-10-16 05:53:34] taavi@ibs.ee

Session_destroy() does not unlink session object.
Instead I get warning message stating:
"Session object destruction failed".

There is an open bug report #7055 for ver. 4.0.2 suggesting to add:
if (data->fd > -1) {
close(data->fd);
data->fd = -1;
}
before V_UNLINK(buf).

Does it help? If yes, would it be worth to add
this into next binary release? When?

[2000-10-16 06:36:30] dbeu@php.net

fixed in cvs
<<<

So if you´ve got the latest CVS version of PHP it should work. I hope that someone will be able to compile it and offer the newest version for download in BINARY version for Windoze.

Regards,
Sascha

Anon

But how will the garbage colection routine be triggered and when?
When it is run , then will it delete all the physical files created and which are stored on the web browser? How will the garbage collection routine identify the folder on the web server machine , where it has to delete the files?

Anon

From the manual:

  session.gc_probability specifies the probability that the gc (garbage collection) routine is started on each request in percent.
  Defaults to 1. 

  session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up.

So, two conditions have to be met:

First, the gc routine has to be fired, which is governed by the laws of probability. If you have no traffic, it won't be fired (but then, of course, you won't have any sessions to clean up, either!)

Second, the session data file has to be aged > gc_maxlifetime.

On my Prattle test system, I get a lot of traffic whenever I announce a new version, and I can see the sessions are cleaned up. Between releases, traffic may drop to near zero, and I can leave a browser logged in all night because the session file isn't purged.

The bottom line, though, is that this is not anything you need to worry about unless you're running your server on some broken operating system. Session files are secure (readable only by the Web server); if you want to be even more paranoid, you can do an md5 hash of the user ID and use it as an authority check (see Tim Perdue's column on authentication).