Re: [PHP] Destroying session data

2004-12-29 Thread Jason Barnett
this might be coming into play:
http://us4.php.net/session
session.gc_maxlifetime  integer
session.gc_maxlifetime specifies the number of seconds after which
data will be seen as 'garbage' and cleaned up.

Okay, lemme see if I understand how it works. Even if it sees it as 
garbage, it will not destroy it until the session has ended? or will 
destroy when that time is reached? So can I set session.gc_maxlifetime 
to be a low number (e.g., 10 seconds) and it will still behave 
appropriately? Currently, it's set to the default - 1440.

~Philip
There are two parts to it:
session.gc_lifetime = 10
(any session data which is older than this is considered garbage by 
PHP's garbage collector)

session.gc_probability = 1
session.gc_divisor = 1
(these two combine to calculate the probability that PHP will check for 
and clean up garbage when it starts up)

So if you *always* wanted to destroy every session after 10 seconds you 
can use the settings above.  But just realize that this will prevent 
users from storing anything long term on the server.  Not only that but 
you'll have overhead on every PHP script because you'll end up 
destroying session files on every startup.

Perhaps cron / scheduled tasks is a better answer for you?  Just create 
a script that destroys all files in the session directory and run it as 
often as you like.

--
Teach a person to fish...
Ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html
PHP Manual: http://php.net/manual/
php-general archives: http://marc.theaimsgroup.com/?l=php-generalw=2
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Destroying session data

2004-12-23 Thread John Holmes
 From: Philip Thompson [EMAIL PROTECTED]

 My question is: when the session is logged out or ended (via closing 
 the browser or however), should these data files (which look like 
 sess_fd983aedf93ceeioa8332890bcd, etc) not be destroyed? If not, is 
 there a way to automatically destroy them because I don't want to have 
 to go in each day/week/month and delete these session data files 
 manually? Are these data files considered to be cookies?

They are not cookies and they should be deleted automatically by the garbage 
collection process. However, by default, there is only a 1% chance that the 
garbage collection process is triggered when a session is started. So, if this 
is a low traffic server, you may not have triggered garbage collection at all. 
They are not deleted automatically when the session is ended. 

You can up the probability, if you want, but I wouldn't worry too much about 
it. Or you can write your own session handler to handle deleting the files. 

---John Holmes...

UCCASS - PHP Survey System
http://www.bigredspark.com/survey.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Destroying session data

2004-12-23 Thread Philip Thompson
On Dec 23, 2004, at 3:40 PM, John Holmes wrote:
From: Philip Thompson [EMAIL PROTECTED]
On Dec 23, 2004, at 2:59 PM, Matt M. wrote:

this might be coming into play:
http://us4.php.net/session
session.gc_maxlifetime  integer
session.gc_maxlifetime specifies the number of seconds after 
which
data will be seen as 'garbage' and cleaned up.
Okay, lemme see if I understand how it works. Even if it sees it as
garbage, it will not destroy it until the session has ended? or will
destroy when that time is reached? So can I set session.gc_maxlifetime
to be a low number (e.g., 10 seconds) and it will still behave
appropriately? Currently, it's set to the default - 1440.
The gc_maxlifetime setting controls how old files can be before the 
garbage collection process deletes them, when it's actually started. 
This is why your file system must support atime as mentioned before. 
If the file has not been accessed in over 1440 seconds (by default) 
then if the garbage collection process is started, it'll be deleted.

Like I said in my other post, though, there's only a 1% chance of the 
garbage collection process being started (by default). These old files 
you see are probably there because you don't have enough traffic to 
trigger garbage collection or your using a file system that doesn't 
support atime.

---John Holmes...
Thanks to all for your assistance. I'm pretty sure I understand it at 
least 1% better! =P

Thanks,
~Philip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: [PHP] Destroying session data

2004-12-23 Thread Matt M.
 I have multiple pages on a website that uses sessions ($_SESSION) to
 store the data. However, I noticed that in the C:\Windows\Temp
 directory, all the session variables/data files are stored there from
 previous (and current) sessions.

what version of php are you using?

this might be coming into play:
http://us4.php.net/session

session.gc_maxlifetime  integer

session.gc_maxlifetime specifies the number of seconds after which
data will be seen as 'garbage' and cleaned up.

Note: If you are using the default file-based session handler,
your filesystem must keep track of access times (atime). Windows FAT
does not so you will have to come up with another way to handle
garbage collecting your session if you are stuck with a FAT filesystem
or any other fs where atime tracking is not available. Since PHP 4.2.3
it has used mtime (modified date) instead of atime. So, you won't have
problems with filesystems where atime tracking is not available.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Destroying session data

2004-12-23 Thread Philip Thompson
Hi all.
I have multiple pages on a website that uses sessions ($_SESSION) to 
store the data. However, I noticed that in the C:\Windows\Temp 
directory, all the session variables/data files are stored there from 
previous (and current) sessions.

My question is: when the session is logged out or ended (via closing 
the browser or however), should these data files (which look like 
sess_fd983aedf93ceeioa8332890bcd, etc) not be destroyed? If not, is 
there a way to automatically destroy them because I don't want to have 
to go in each day/week/month and delete these session data files 
manually? Are these data files considered to be cookies?

Just to clarify, I know how to destroy session variables... I want to 
know how to destroy the files that contain those variables after 
they're no longer being used. I have RTFM and I can't seem to find the 
answer.

Thanks in advance,
~Philip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


RE: [PHP] Destroying session data

2004-12-23 Thread Vail, Warren
Closing the browser sends nothing to the webserver and with most webservers,
the server has forgotten that you were ever there.

When using sessions, you connect your browser and request a page, and that
request is accompanied with a session key that is stored in a cookie on the
browser machine by domain.  PHP takes it on faith that IF this cookie comes
with the request, it should match a session datastore, and it looks, and if
it finds one, it uses that session when the session_start() function is
called (now it remembers you, so to speak).

As the script wraps up the session datastore is updated with any new session
data, using a probability factor set in php.ini, it may do some extra
processing to cleanup old expired sessions.  Since the page has already
been transmitted in it's entirety to the browser, and the browser should now
be working to render the page, this extra process should have no noticeable
impact on the user experience.  This Garbage Cleanup routine will scan the
entire datastore looking for session records that are older than allowed by
another php.ini parameter (gc_maxlifetime), and removes them (gc stands for
Garbage Cleanup).  Keep in mind that this garbage collection will probably
not remove the session that pertain to the browser that triggers the
cleanup, but rather it will remove session records for other sessions that
have not been referenced for a while.

In php you can write your own session management handler routines and attach
them to your php process.  Check out some of the following;

http://us4.php.net/manual/en/ref.session.php
http://us4.php.net/manual/en/function.session-set-save-handler.php

Studying these routines can teach you a lot about how sessions work.

If you can get your users to log out instead of closing their browser, you
have a chance to execute a script that will then kill a session and that
usually removes an individual session data record.

HTH,

Warren Vail


 -Original Message-
 From: Philip Thompson [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, December 23, 2004 12:45 PM
 To: php-general@lists.php.net
 Subject: [PHP] Destroying session data
 
 
 Hi all.
 
 I have multiple pages on a website that uses sessions ($_SESSION) to 
 store the data. However, I noticed that in the C:\Windows\Temp 
 directory, all the session variables/data files are stored there from 
 previous (and current) sessions.
 
 My question is: when the session is logged out or ended 
 (via closing 
 the browser or however), should these data files (which look like 
 sess_fd983aedf93ceeioa8332890bcd, etc) not be destroyed? If not, is 
 there a way to automatically destroy them because I don't 
 want to have 
 to go in each day/week/month and delete these session data files 
 manually? Are these data files considered to be cookies?
 
 Just to clarify, I know how to destroy session variables... I want to 
 know how to destroy the files that contain those variables after 
 they're no longer being used. I have RTFM and I can't seem to 
 find the 
 answer.
 
 Thanks in advance,
 ~Philip
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



RE: [PHP] Destroying session data

2004-12-23 Thread Vail, Warren
 
 Okay, lemme see if I understand how it works. Even if it sees it as 
 garbage, it will not destroy it until the session has ended? or will 
 destroy when that time is reached? So can I set 
 session.gc_maxlifetime 
 to be a low number (e.g., 10 seconds) and it will still behave 
 appropriately? Currently, it's set to the default - 1440.
 
Actually the way most garbage cleanup routines work, the session datastore
will be removed regardless of whether it is in use or not.  

Here comes the tricky stuff, if php has sent a page to the browser and has
satisfied your browsers request, and your user is reviewing the contents of
the page to decide his next action, as far as apache and php are concerned,
that users session is no longer in use.  But, if in the process of
preparing that page, it was using sessions, it would have stamped the
session datastore with a new timestamp, so the garbage cleanup routine would
not consider it an old datastore and remove it.  If the user waits a long
time (longer than gc_maxlifetime in seconds) before doing something, when
someone else requests a page, their session could trigger a cleanup process
and your session could be deleted.

If your script is running, fetches the session datastore, and has not
reached the end of it's processing where it rewrites the datastore with
updated data and a new timestamp, if during that time the file is deleted,
no harm done since the save session routine of your script will make sure
the datastore is created and write stuff back into if from it's memory
image.  I guess that is what PHP would consider in use, whereas your user
will consider the time he is mulling over his response as in use, even if
he gets up to get a cup of coffee before responding.

Warren Vail

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Destroying session data

2004-12-23 Thread Philip Thompson
On Dec 23, 2004, at 2:59 PM, Matt M. wrote:
I have multiple pages on a website that uses sessions ($_SESSION) to
store the data. However, I noticed that in the C:\Windows\Temp
directory, all the session variables/data files are stored there from
previous (and current) sessions.
what version of php are you using?
I'm using 4.3.8
this might be coming into play:
http://us4.php.net/session
session.gc_maxlifetime  integer
session.gc_maxlifetime specifies the number of seconds after which
data will be seen as 'garbage' and cleaned up.
Okay, lemme see if I understand how it works. Even if it sees it as 
garbage, it will not destroy it until the session has ended? or will 
destroy when that time is reached? So can I set session.gc_maxlifetime 
to be a low number (e.g., 10 seconds) and it will still behave 
appropriately? Currently, it's set to the default - 1440.

~Philip
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


Re: Re: [PHP] Destroying session data

2004-12-23 Thread John Holmes
From: Philip Thompson [EMAIL PROTECTED] 
 On Dec 23, 2004, at 2:59 PM, Matt M. wrote:

  this might be coming into play:
  http://us4.php.net/session
 
  session.gc_maxlifetime  integer
 
  session.gc_maxlifetime specifies the number of seconds after which
  data will be seen as 'garbage' and cleaned up.
 
 Okay, lemme see if I understand how it works. Even if it sees it as 
 garbage, it will not destroy it until the session has ended? or will 
 destroy when that time is reached? So can I set session.gc_maxlifetime 
 to be a low number (e.g., 10 seconds) and it will still behave 
 appropriately? Currently, it's set to the default - 1440.

The gc_maxlifetime setting controls how old files can be before the garbage 
collection process deletes them, when it's actually started. This is why your 
file system must support atime as mentioned before. If the file has not been 
accessed in over 1440 seconds (by default) then if the garbage collection 
process is started, it'll be deleted. 

Like I said in my other post, though, there's only a 1% chance of the garbage 
collection process being started (by default). These old files you see are 
probably there because you don't have enough traffic to trigger garbage 
collection or your using a file system that doesn't support atime. 

---John Holmes...

UCCASS - PHP Survey System
http://www.bigredspark.com/survey.html

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Destroying session if not being used from past 10 mins.

2003-10-21 Thread Jason Wong
On Tuesday 21 October 2003 13:55, Binay wrote:

 How can I configure the session to get destroyed, if not being used from
 past 10 mins.

Sessions are destroyed automatically. You set the session life-time in php.ini 
with session.gc_maxlifetime.

If you want to force the issue, then you'll probably have to check the session 
files yourself (assuming you're using the default session handler), which 
means you'll have to check the filemtime() of each of the session files and 
delete those older than 10 minutes.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design  Hosting * Internet  Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Vote anarchist.
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Destroying session if not being used from past 10 mins.

2003-10-21 Thread CPT John W. Holmes
From: Binay [EMAIL PROTECTED]

 How can I configure the session to get destroyed,
 if not being used from past 10 mins.

If you're using the default session handler, the session files are cleaned
up after not being used for 1440 seconds (by default), and the session is
basically destroyed. You can adjust the session.gc_maxlifetime setting in
php.ini to adjust the time.

This time isn't exact, though. The cleanup process is based upon a
probability that is 1% by default. That means the process has a 1% chance of
being started when there is a request to your site. So the files may be
older than 1440 seconds and just waiting for the garbage collection process
to be initiated.

If you need it to be exactly 10 minutes of inactivity, the best method is to
just store the time of the last request as a session variable and do the
checking yourself upon each request. If the last request was more than 10
minutes ago, then handle it accordingly.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Destroying session if not being used from past 10 mins.

2003-10-21 Thread Binay
Thanks alo...
Is it possible to increase the probability which is by default 1% to 99 %
and make sure that session are destroyed after 10 mins by setting
session.gc_maxlifetime to 600.

Binay
- Original Message -
From: CPT John W. Holmes [EMAIL PROTECTED]
To: Binay [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, October 21, 2003 5:08 PM
Subject: Re: [PHP] Destroying session if not being used from past 10 mins.


 From: Binay [EMAIL PROTECTED]

  How can I configure the session to get destroyed,
  if not being used from past 10 mins.

 If you're using the default session handler, the session files are cleaned
 up after not being used for 1440 seconds (by default), and the session is
 basically destroyed. You can adjust the session.gc_maxlifetime setting in
 php.ini to adjust the time.

 This time isn't exact, though. The cleanup process is based upon a
 probability that is 1% by default. That means the process has a 1% chance
of
 being started when there is a request to your site. So the files may be
 older than 1440 seconds and just waiting for the garbage collection
process
 to be initiated.

 If you need it to be exactly 10 minutes of inactivity, the best method is
to
 just store the time of the last request as a session variable and do the
 checking yourself upon each request. If the last request was more than 10
 minutes ago, then handle it accordingly.

 ---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Destroying session if not being used from past 10 mins.

2003-10-21 Thread CPT John W. Holmes
From: Binay [EMAIL PROTECTED]

 Is it possible to increase the probability which is by default 1% to 99 %
 and make sure that session are destroyed after 10 mins by setting
 session.gc_maxlifetime to 600.

I wouldn't recommend that, but you could. The setting to 600 is fine, but I
wouldn't adjust the probability.

Like I said, if you need a hard and fast 10 minute rule, then keep track of
the time yourself within your session.

$_SESSION['last_access'] = time();

If the session variable doesn't exist or it's been over 10 minutes (600
seconds) since the last access, then make them log in again or whatever.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Destroying session if not being used from past 10 mins.

2003-10-20 Thread Binay
Hi all,

How can I configure the session to get destroyed, if not being used from past 10 mins.

Thanks in advance
binay


[PHP] Destroying Session Prob

2001-11-12 Thread Joe Van Meer

   Hi again, I've just completed my logout process, everything is going
great but after I log out (logout.php has session_start() followed by
session_destroy(). )
I get two weird symbols printing out. One is like a box and the a B. My
code is below.

?php session_start(); ?

?php
session_destroy();
print You are now logged off.  BR
?


Any ideas why I'm getting these 2 symbols printing out?

Thx Joe :)



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




[PHP] Destroying Session

2001-07-27 Thread Richard Baskett

Ok having a problem.  If a person just surfs to a page outside of my site or
types in a different url etc.. then it leaves the session intact.  How can I
destroy that session?

Will I need to create some type of apache/linux script to delete the
directory with all the sessions in it that are a certain amount of days old?
There has got to be a better way...

Any help would be appreciated.. thanks!

Rick


P.S. Thanks to the person that helped me with the POST headers.. I still
havent been able to get it to work, but I just figured out a different way
of doing what I wanted :)


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]