Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Cleaning up session cookies
- Jim Carlock
May 11, 2007, 9:33 pm
rate this thread
Re: Cleaning up session cookies
"Mike P2" wrote...
: Check out session.cookie_lifetime in php.ini, set it to 0 to make
: the browser expire the cookie when it closes.
Thanks, Mike. What if I restart the server? What cleans up those
cookies? That value was already to set to 0. I see sess_ files over
a week old and there's quite a few of them. I have to delete them
There a good link about setting all those settings appropriately?
<g> I think search engines create the mess. Google used to throw
the PHPSESSID variable into the URI when parsing one website.
That was horrible as it then appeared as a valid link inside of
Google and there were literally 1000 of them to the same page(s).
Post replies to the group.
Re: Cleaning up session cookies
Oh...you mean session files, not session cookies. I thought you were
talking about the browser trying to use the same session for too long.
There's a solution for session files in php.ini, too. These are the
two settings to consider:
Imagine those two as a fraction, the first above the second. PHP will
automatically clean up old session files randomly. Every time someone
connects to your server to view a PHP page, PHP decides whether or not
to clean up the old session files. This fraction is the probability
that it will clean up the files each time. If the first is set to 1
and the second is set to 100, there is a 1/100 chance that the files
will be cleaned up when each person browses to a page, meaning the old
session files will most likely be cleaned up about once in every 100
page views. It's easiest to just leave the first setting at 1 and
alter session.gc_divisor. You can turn it down if you don't get much
traffic, or turn it up if you get a lot of traffic. The default is
1/100. You should also consider what type of traffic you get; you may
have a tutorial site where people come in off of Google and view the
one tutorial Google brought them to and leave (making a lot of
sessions that aren't used much), or on the other hand you may have an
eCommerce website where people shop around, then go through the
checkout process and make a lot of use of their sessions while you
don't get as many visitors.
This might not function properly if you have your own session handling
function (set with session_set_save_handler()). If you have one of
those, you may want to look at the cleanup function (likely
Session::gc()) and decide if it's working properly.
Lastly, you should consult your server administrator (or hosing
If none of these solutions satisfy you, you can make a cron job or
something similar to delete old session files at a time interval. In a
cron job (as well as in Session::gc() custom functions), you should
probably be using the PHP fileatime() function instead of filemtime(),
because the latter would have your script delete files based on when
they were created, not last used, and you might have someone using a
session for a longer period of time than it would take to expire. Note
that fileatime() doesn't work on all file systems and may just return
what filemtime() would give you anyway (it's worth a shot, though).