Hi All
I have a query related to session and I will highly appreciate for your answers.
Query:
======
in PHP we use
session_start(); // To start the session
$_SESSION['key']='someValue'; // Assigns some values to the key
Lets assume we did this operation during user login time.
That means for each user there will be a new file in /tmp folder [In windows or in the path session.save_path]
Suppose we are not using session_destroy() during logout.
That means for each user the file that created by the server will remain on the same place. My question is how we can delete those files as if we think we are storing 50Kb data for each user and we have 1000000000 users then what will happen?
How the session file destroys automatically?
Moderator: General Moderators
- DaveTheAve
- Forum Contributor
- Posts: 385
- Joined: Tue Oct 03, 2006 2:25 pm
- Location: 127.0.0.1
- Contact:
Re: How the session file destroys automatically?
That is exactly why they are stored in the /tmp folder. They are removed automatically before space gets low; however, even being a Linux user myself, I don't know if Linux will not let the tmp be a certain size, the number of files, or a cron job as to what triggers the automatic removal.
- greyhoundcode
- Forum Regular
- Posts: 613
- Joined: Mon Feb 11, 2008 4:22 am
Re: How the session file destroys automatically?
Interesting, found this regarding /tmp:
Apparently configurable, so it can be done every 5 days (for instance) or on each reboot.Debian User Reference Manual wrote:This directory is generally erased on a regular basis, or every time you reboot the system. You can create files here if you want, just be aware they might get deleted automatically.
Re: How the session file destroys automatically?
Using /tmp folder is not recommended:
http://www.php.net/manual/en/session.co ... robability
In some Linux distros (like Debian/Ubuntu) session.gc_probability is set 0 because a cron job is resposnible to delete session files:
Cleaning on reboot (only) is not an option.
Session garbage collector is responsible for cleaning "timed out" session files:Warning
If you leave this set to a world-readable directory, such as /tmp (the default), other users on the server may be able to hijack sessions by getting the list of files in that directory.
http://www.php.net/manual/en/session.co ... robability
In some Linux distros (like Debian/Ubuntu) session.gc_probability is set 0 because a cron job is resposnible to delete session files:
Code: Select all
cat /etc/cron.d/php5
# /etc/cron.d/php5: crontab fragment for php5
# This purges session files older than X, where X is defined in seconds
# as the largest value of session.gc_maxlifetime from all your php.ini
# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime
# Look for and purge old sessions every 30 minutes
09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rmThere are 10 types of people in this world, those who understand binary and those who don't