Garbage collector not deleting files

rajtpd

I am running IIS 4.0 > on Win2k. I have my session.gc_maxlifetime = 300 and my session.gc_probability = 100 in my php.ini file. But after waiting 300 sec. php does not delete my session files from my c:\winnt\tmp folder. All the files are there till I use the web site again to execute the session again and then it clears the files. Dosen't the Garbage collector should delete all the file after 300 sec?

[deleted]

The garbage collector only runs when PHP starts a session, and then it only removes those session files that do not belong to the session it is starting.

PS: don't get too anal about removing session files, there's no need to remove them right after they expire.

rajtpd

I am passing my seesion ID via url and I am worried that if the user bookmark the page and can come back anytime and then the time stamp is updated and then the garbage collector will not delete the file.

[deleted]

"I am passing my seesion ID via url "

bad move, use cookies instead.

"and then the time stamp is updated and then the garbage collector will not delete the file."

That will not happen, the garbage cleaner will remove all expired session files except the one that is used for the current session.
So if person A opens a session, the file for session B can be deleted.

rajtpd

This is how i am sending my session ID.

header('Location: http://www.domainname.com/ok.php?'.sid );

I have never tryed setting cookies. Do i need to u the setcookie() command?

Here is the code:
+++++++++++++++++++++++++++++++++++++++++++==
<?php

session_start();
session_register("auth");
$auth = false; // Assume user is not authenticated

if ($username != "" && $password != "") {

// Connect to MSSQL 

mssql_connect( 'SQL2K') 
    or die ( 'Unable to connect to server.' ); 

// Select database on MSSQL server 

mssql_select_db( 'table_name' ) 
    or die ( 'Unable to select database.' ); 

// Formulate the query 

 $sql = "SELECT * FROM WEB_Access_Verification WHERE 
        username = '$username'"; 

// Execute the query and put results in $result 

$result = mssql_query( $sql ) 
    or die ( 'Unable to execute query.' ); 

// Get number of rows in $result. 

$num = mSsql_num_rows( $result ); 

if ( $num != 0 ) { 

// A matching row was found - the user is authenticated. 

$result0 = mssql_result( $result, 0, realpassword )
    or die ( 'Unable to get result. ');   

if ( $result0 != $password){
	// session_register($auth);
            $auth = false;

} else {
    //session_register($auth);
    $auth = true;

    }

}

}

//$sessionid = session_id();

if ( ! $auth ) {

header('Location: http://www.domainname.com/error_index2.php' );   
exit;

} else {
header('Location: http://www.domainname.com/ok.php?'.sid );

}
?>

[deleted]

"Do i need to u the setcookie() command?"

You can, but there is also a setting in php.ini, called something like 'session_use_cookie'

Check out the session-section of the manual for more details.

rajtpd

Then how do I recall the cookie from a diff page?