Session data-files not removed?
Posted: Wed May 07, 2003 1:17 am
Now i'm a little confused.
file index.php
If i fill in 'blaat' in the form and click the submit button, it display's 'blaat'. that is good.
Then, i copy the session id displayed on the page, and paste it in the url-field:and this works.
Nothing wrong yet.
Now i close the browser, 12 hours later i come back and call that page with that url (index.php?PHPSESSID=63et3e9g9dg2d90gd82dg8) again in a newly opened browser and the session-data still exists.
(BTW, it's PHP4.1.1 on PWS ON NT4)
This way, the server keeps storing all the session data-files and never removes them?
Is there an advisable way to write code so this doesn't happen, or do i really need to make some changes to php.ini for that.. or is it just unimportant and i don't need to worry about it?
Somebody knows? Any ideas welcome!
Here's the most important code of php.ini..
file index.php
Code: Select all
<?php
session_start();
echo session_id();
echo '<br /><form action="index.php" method="post">
<input type="text" name="abc"><input type="submit" value="submit">
</form><br />';
if (isset ($_POST['abc'])) {
$_SESSION['abc']=$_POST['abc'];
echo $_SESSION['abc'];
}
?>Then, i copy the session id displayed on the page, and paste it in the url-field:
Code: Select all
index.php?PHPSESSID=63et3e9g9dg2d90gd82dg8Nothing wrong yet.
Now i close the browser, 12 hours later i come back and call that page with that url (index.php?PHPSESSID=63et3e9g9dg2d90gd82dg8) again in a newly opened browser and the session-data still exists.
(BTW, it's PHP4.1.1 on PWS ON NT4)
This way, the server keeps storing all the session data-files and never removes them?
Is there an advisable way to write code so this doesn't happen, or do i really need to make some changes to php.ini for that.. or is it just unimportant and i don't need to worry about it?
Somebody knows? Any ideas welcome!
Here's the most important code of php.ini..
Code: Select all
їSession]
; Handler used to store/retrieve data.
session.save_handler = files
; Whether to use cookies.
session.use_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID
; Initialize session on request startup.
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0
; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php
; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability = 1
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =
; How many bytes to read from the file.
session.entropy_length = 0
; Specified here to create the session id.
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache
; Document expires after n minutes.
session.cache_expire = 180
; trans sid support is disabled by default.
; Use of trans sid may risk your users security. It may not be
; feasible to use this option for some sites. Use this option with caution.
session.use_trans_sid = 0