473,700 Members | 2,539 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Cleaning up session cookies

I have a problem where session cookies get left inside
the temporary folder. Is this a common problem or is
there perhaps something I've over looked - there a
way to make sure the session variables get cleaned up?

--
Jim Carlock
Post replies to the group.
May 11 '07 #1
3 3036
On May 11, 5:33 pm, "Jim Carlock" <anonym...@127. 0.0.1wrote:
I have a problem where session cookies get left inside
the temporary folder. Is this a common problem or is
there perhaps something I've over looked - there a
way to make sure the session variables get cleaned up?

--
Jim Carlock
Post replies to the group.
Check out session.cookie_ lifetime in php.ini, set it to 0 to make the
browser expire the cookie when it closes.

http://php.net/session#session.configuration

-Mike PII

May 11 '07 #2
On May 11, 5:33 pm, "Jim Carlock" wrote:
I have a problem where session cookies get left inside
the temporary folder. Is this a common problem or is
there perhaps something I've over looked - there a
way to make sure the session variables get cleaned up?

"Mike P2" wrote...
: Check out session.cookie_ lifetime in php.ini, set it to 0 to make
: the browser expire the cookie when it closes.
: http://php.net/session#session.configuration

Thanks, Mike. What if I restart the server? What cleans up those
cookies? That value was already to set to 0. I see sess_ files over
a week old and there's quite a few of them. I have to delete them
every week.

There a good link about setting all those settings appropriately?
<gI think search engines create the mess. Google used to throw
the PHPSESSID variable into the URI when parsing one website.
That was horrible as it then appeared as a valid link inside of
Google and there were literally 1000 of them to the same page(s).

--
Jim Carlock
Post replies to the group.
May 12 '07 #3
On May 11, 9:49 pm, "Jim Carlock" <anonym...@127. 0.0.1wrote:
Thanks, Mike. What if I restart the server? What cleans up those
cookies? That value was already to set to 0. I see sess_ files over
a week old and there's quite a few of them. I have to delete them
every week.

There a good link about setting all those settings appropriately?
<gI think search engines create the mess. Google used to throw
the PHPSESSID variable into the URI when parsing one website.
That was horrible as it then appeared as a valid link inside of
Google and there were literally 1000 of them to the same page(s).

--
Jim Carlock
Post replies to the group.
Oh...you mean session files, not session cookies. I thought you were
talking about the browser trying to use the same session for too long.

There's a solution for session files in php.ini, too. These are the
two settings to consider:
- session.gc_prob ability
- session.gc_divi sor

Imagine those two as a fraction, the first above the second. PHP will
automatically clean up old session files randomly. Every time someone
connects to your server to view a PHP page, PHP decides whether or not
to clean up the old session files. This fraction is the probability
that it will clean up the files each time. If the first is set to 1
and the second is set to 100, there is a 1/100 chance that the files
will be cleaned up when each person browses to a page, meaning the old
session files will most likely be cleaned up about once in every 100
page views. It's easiest to just leave the first setting at 1 and
alter session.gc_divi sor. You can turn it down if you don't get much
traffic, or turn it up if you get a lot of traffic. The default is
1/100. You should also consider what type of traffic you get; you may
have a tutorial site where people come in off of Google and view the
one tutorial Google brought them to and leave (making a lot of
sessions that aren't used much), or on the other hand you may have an
eCommerce website where people shop around, then go through the
checkout process and make a lot of use of their sessions while you
don't get as many visitors.

This might not function properly if you have your own session handling
function (set with session_set_sav e_handler()). If you have one of
those, you may want to look at the cleanup function (likely
Session::gc()) and decide if it's working properly.

Lastly, you should consult your server administrator (or hosing
company).

If none of these solutions satisfy you, you can make a cron job or
something similar to delete old session files at a time interval. In a
cron job (as well as in Session::gc() custom functions), you should
probably be using the PHP fileatime() function instead of filemtime(),
because the latter would have your script delete files based on when
they were created, not last used, and you might have someone using a
session for a longer period of time than it would take to expire. Note
that fileatime() doesn't work on all file systems and may just return
what filemtime() would give you anyway (it's worth a shot, though).

-Mike PII

May 13 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

27
7119
by: mrbog | last post by:
Tell me if my assertion is wrong here: The only way to prevent session hijacking is to NEVER store authentication information (such as name/password) in the session. Well, to never authenticate a user from information you got from the session. Each secure app on a site must challenge the user for name and password, each and every time the user accesses it (not just once and then store it in the session). If a secure app is multi-page,...
0
14712
by: Maverick | last post by:
Hello all, I read some good reviews about jakarta HTTPClient about its session and cookies management system and fancied giving it a try as a learning exercise but somehow I don't seem to be able to get it to work properly. I'm basically trying to connect to this site http://s1.starkingdoms.com/scripts/main.php I am able to get past the authentication login page onto the next screen but I then can't proceed any further because of...
3
3537
by: PM | last post by:
I'm trying to make a kind of search history containing the 3 last searched words. So I'm using 3 Session Variables: Word1 / Word2 / Word3. In order to get this history working, I need to put the last searched word in the following Variable. Ex.: Session("Word3") = Session("Word2") Session("Word2") = Session("Word1")
2
3343
by: Amit D.Shinde | last post by:
Hello Experts.. I need some help regarding cookies and session objects and also global.asa file I am creating one cookie when a user logs in on my website. The cookie stores the login name of the user. I want that cookie should get deleted when user closes the browser without signing out. I think it is done in global.asa file . But i don;t know how to do it?
9
1959
by: RA | last post by:
Hi Please review and let me know if I am correct: 1) My understanding from reading http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag/html/ diforwc-ch05.asp is that asp.net uses cookies to store the user session id, but if cookies are not enabled then it will send the session id as part of the url. Is this correct?
7
2012
by: Marcus | last post by:
I know that when you start a session in PHP, the "cookie" it creates is not the same as those that are stored in your browser's temp folder, and instead is kept in RAM. I am confused because in every session tutorial I have ever read, the author invariably mentions the 2 main ways of propagating sessions - through cookies and appended to the URL. The author also almost always talks about the method being dependent on the user's...
3
4916
by: damezumari | last post by:
To find out were session variables are stored I included this instruction in my program: echo ini_get("session.save_path"); The reply was /home/7604/data/tmp which is a folder on my server. I look at /home/7604/data/tmp and it is full of session files for today. Even so, if I have cookies blocked for my site http://easyquestion.net
2
5004
by: StanB | last post by:
I came across this weird problem: 1. Session state stops working after the app is deployed to another server because IE does not accept cookies. 2. It works if cookieless="true" in the web.config 3. Yes, I tried IE - Tools - Privacy - Accept All Cookies and also Override automatic cookie handling, Always allow session cookes
3
5000
by: dihola | last post by:
Hi, I have a website running in IIS7 and it seems to be creating a new session for every request I make. The values I store in Session are lost with every request. This is the forms bit in my web.config: <authentication mode="Forms"> <forms name=".ReMaCRM" loginUrl="~/Login.aspx" defaultUrl="~/Default.aspx" cookieless="AutoDetect" domain="" timeout="10" protection="All" /> </authentication>
0
8731
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
8649
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
1
8975
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
7819
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6564
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5904
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4408
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
3097
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2395
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.