By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,718 Members | 1,840 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,718 IT Pros & Developers. It's quick & easy.

Cleaning up session cookies

P: n/a
I have a problem where session cookies get left inside
the temporary folder. Is this a common problem or is
there perhaps something I've over looked - there a
way to make sure the session variables get cleaned up?

--
Jim Carlock
Post replies to the group.
May 11 '07 #1
Share this Question
Share on Google+
3 Replies


P: n/a
On May 11, 5:33 pm, "Jim Carlock" <anonym...@127.0.0.1wrote:
I have a problem where session cookies get left inside
the temporary folder. Is this a common problem or is
there perhaps something I've over looked - there a
way to make sure the session variables get cleaned up?

--
Jim Carlock
Post replies to the group.
Check out session.cookie_lifetime in php.ini, set it to 0 to make the
browser expire the cookie when it closes.

http://php.net/session#session.configuration

-Mike PII

May 11 '07 #2

P: n/a
On May 11, 5:33 pm, "Jim Carlock" wrote:
I have a problem where session cookies get left inside
the temporary folder. Is this a common problem or is
there perhaps something I've over looked - there a
way to make sure the session variables get cleaned up?

"Mike P2" wrote...
: Check out session.cookie_lifetime in php.ini, set it to 0 to make
: the browser expire the cookie when it closes.
: http://php.net/session#session.configuration

Thanks, Mike. What if I restart the server? What cleans up those
cookies? That value was already to set to 0. I see sess_ files over
a week old and there's quite a few of them. I have to delete them
every week.

There a good link about setting all those settings appropriately?
<gI think search engines create the mess. Google used to throw
the PHPSESSID variable into the URI when parsing one website.
That was horrible as it then appeared as a valid link inside of
Google and there were literally 1000 of them to the same page(s).

--
Jim Carlock
Post replies to the group.
May 12 '07 #3

P: n/a
On May 11, 9:49 pm, "Jim Carlock" <anonym...@127.0.0.1wrote:
Thanks, Mike. What if I restart the server? What cleans up those
cookies? That value was already to set to 0. I see sess_ files over
a week old and there's quite a few of them. I have to delete them
every week.

There a good link about setting all those settings appropriately?
<gI think search engines create the mess. Google used to throw
the PHPSESSID variable into the URI when parsing one website.
That was horrible as it then appeared as a valid link inside of
Google and there were literally 1000 of them to the same page(s).

--
Jim Carlock
Post replies to the group.
Oh...you mean session files, not session cookies. I thought you were
talking about the browser trying to use the same session for too long.

There's a solution for session files in php.ini, too. These are the
two settings to consider:
- session.gc_probability
- session.gc_divisor

Imagine those two as a fraction, the first above the second. PHP will
automatically clean up old session files randomly. Every time someone
connects to your server to view a PHP page, PHP decides whether or not
to clean up the old session files. This fraction is the probability
that it will clean up the files each time. If the first is set to 1
and the second is set to 100, there is a 1/100 chance that the files
will be cleaned up when each person browses to a page, meaning the old
session files will most likely be cleaned up about once in every 100
page views. It's easiest to just leave the first setting at 1 and
alter session.gc_divisor. You can turn it down if you don't get much
traffic, or turn it up if you get a lot of traffic. The default is
1/100. You should also consider what type of traffic you get; you may
have a tutorial site where people come in off of Google and view the
one tutorial Google brought them to and leave (making a lot of
sessions that aren't used much), or on the other hand you may have an
eCommerce website where people shop around, then go through the
checkout process and make a lot of use of their sessions while you
don't get as many visitors.

This might not function properly if you have your own session handling
function (set with session_set_save_handler()). If you have one of
those, you may want to look at the cleanup function (likely
Session::gc()) and decide if it's working properly.

Lastly, you should consult your server administrator (or hosing
company).

If none of these solutions satisfy you, you can make a cron job or
something similar to delete old session files at a time interval. In a
cron job (as well as in Session::gc() custom functions), you should
probably be using the PHP fileatime() function instead of filemtime(),
because the latter would have your script delete files based on when
they were created, not last used, and you might have someone using a
session for a longer period of time than it would take to expire. Note
that fileatime() doesn't work on all file systems and may just return
what filemtime() would give you anyway (it's worth a shot, though).

-Mike PII

May 13 '07 #4

This discussion thread is closed

Replies have been disabled for this discussion.