How the session file destroys automatically?

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
aknayak
Forum Newbie
Posts: 1
Joined: Mon Nov 22, 2010 8:05 am

How the session file destroys automatically?

Post by aknayak »

Hi All

I have a query related to session and I will highly appreciate for your answers.

Query:
======
in PHP we use

session_start(); // To start the session

$_SESSION['key']='someValue'; // Assigns some values to the key

Lets assume we did this operation during user login time.
That means for each user there will be a new file in /tmp folder [In windows or in the path session.save_path]

Suppose we are not using session_destroy() during logout.

That means for each user the file that created by the server will remain on the same place. My question is how we can delete those files as if we think we are storing 50Kb data for each user and we have 1000000000 users then what will happen?
User avatar
DaveTheAve
Forum Contributor
Posts: 385
Joined: Tue Oct 03, 2006 2:25 pm
Location: 127.0.0.1
Contact:

Re: How the session file destroys automatically?

Post by DaveTheAve »

That is exactly why they are stored in the /tmp folder. They are removed automatically before space gets low; however, even being a Linux user myself, I don't know if Linux will not let the tmp be a certain size, the number of files, or a cron job as to what triggers the automatic removal.
User avatar
greyhoundcode
Forum Regular
Posts: 613
Joined: Mon Feb 11, 2008 4:22 am

Re: How the session file destroys automatically?

Post by greyhoundcode »

Interesting, found this regarding /tmp:
Debian User Reference Manual wrote:This directory is generally erased on a regular basis, or every time you reboot the system. You can create files here if you want, just be aware they might get deleted automatically.
Apparently configurable, so it can be done every 5 days (for instance) or on each reboot.
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: How the session file destroys automatically?

Post by VladSun »

Using /tmp folder is not recommended:
Warning

If you leave this set to a world-readable directory, such as /tmp (the default), other users on the server may be able to hijack sessions by getting the list of files in that directory.
Session garbage collector is responsible for cleaning "timed out" session files:
http://www.php.net/manual/en/session.co ... robability

In some Linux distros (like Debian/Ubuntu) session.gc_probability is set 0 because a cron job is resposnible to delete session files:

Code: Select all

cat /etc/cron.d/php5 
# /etc/cron.d/php5: crontab fragment for php5
#  This purges session files older than X, where X is defined in seconds
#  as the largest value of session.gc_maxlifetime from all your php.ini
#  files, or 24 minutes if not defined.  See /usr/lib/php5/maxlifetime

# Look for and purge old sessions every 30 minutes
09,39 *     * * *     root   [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm
Cleaning on reboot (only) is not an option.
There are 10 types of people in this world, those who understand binary and those who don't
Post Reply