By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,949 Members | 1,564 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,949 IT Pros & Developers. It's quick & easy.

Session garbage collection query

P: n/a
Hi,

I just have a couple of questions regarding sessions. I read the php
manual but I just wasn't clear on a couple of things.

I am using the following to control my sessions:
...
ini_set('session.save_path',"./sessions/sess/");
ini_set("session.gc_maxlifetime","300");
ini_set('session.gc_probability',1);
ini_set('session.gc_divisor',1);
...

I want the garbage collector to kill a users session the second a user
closes their browser (or as quick as possible). Am I doing correct
above ^ to achieve this?

Also, are there any security issues with having the 'session.save_path'
set to a directory like above or should I perhaps have it set to
somewhere like "../../sessions/sess/"?

Thanks in advance!

Nov 17 '06 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Although what you wrote looks ok to me, the only way to be sure is to
do some testing, and actually watch the server create and destroy the
session files. That way you will be sure it is behaving the way you
want it to. You can use a browser like Firefox to look at the session
id in the cookie created by your site to pair up a browser session with
a session file on the server (it will be named with the session id).

Also, I'm not so sure about that session.save_path. Seems to me that
should be an absolute path, starting from a drive letter in Windows or
root in *nix.
Mickey wrote:
Hi,

I just have a couple of questions regarding sessions. I read the php
manual but I just wasn't clear on a couple of things.

I am using the following to control my sessions:
..
ini_set('session.save_path',"./sessions/sess/");
ini_set("session.gc_maxlifetime","300");
ini_set('session.gc_probability',1);
ini_set('session.gc_divisor',1);
..

I want the garbage collector to kill a users session the second a user
closes their browser (or as quick as possible). Am I doing correct
above ^ to achieve this?

Also, are there any security issues with having the 'session.save_path'
set to a directory like above or should I perhaps have it set to
somewhere like "../../sessions/sess/"?

Thanks in advance!
Nov 21 '06 #2

P: n/a
Mickey wrote:
Hi,

I just have a couple of questions regarding sessions. I read the php
manual but I just wasn't clear on a couple of things.

I am using the following to control my sessions:
..
ini_set('session.save_path',"./sessions/sess/");
ini_set("session.gc_maxlifetime","300");
ini_set('session.gc_probability',1);
ini_set('session.gc_divisor',1);
..

I want the garbage collector to kill a users session the second a user
closes their browser (or as quick as possible). Am I doing correct
above ^ to achieve this?

Also, are there any security issues with having the 'session.save_path'
set to a directory like above or should I perhaps have it set to
somewhere like "../../sessions/sess/"?

Thanks in advance!
You can't do it. Your system gets no notification when the client
closes their browser.

About all you can do is set a timeout long enough that an active user
doesn't get frustrated, but short enough that the sessions don't hang
around forever.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Nov 21 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.