Re: [PHP] Destroying session data
this might be coming into play: http://us4.php.net/session session.gc_maxlifetime integer session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Okay, lemme see if I understand how it works. Even if it sees it as garbage, it will not destroy it until the session has ended? or will destroy when that time is reached? So can I set session.gc_maxlifetime to be a low number (e.g., 10 seconds) and it will still behave appropriately? Currently, it's set to the default - 1440. ~Philip There are two parts to it: session.gc_lifetime = 10 (any session data which is older than this is considered garbage by PHP's garbage collector) session.gc_probability = 1 session.gc_divisor = 1 (these two combine to calculate the probability that PHP will check for and clean up garbage when it starts up) So if you *always* wanted to destroy every session after 10 seconds you can use the settings above. But just realize that this will prevent users from storing anything long term on the server. Not only that but you'll have overhead on every PHP script because you'll end up destroying session files on every startup. Perhaps cron / scheduled tasks is a better answer for you? Just create a script that destroys all files in the session directory and run it as often as you like. -- Teach a person to fish... Ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html PHP Manual: http://php.net/manual/ php-general archives: http://marc.theaimsgroup.com/?l=php-generalw=2 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session data
From: Philip Thompson [EMAIL PROTECTED] My question is: when the session is logged out or ended (via closing the browser or however), should these data files (which look like sess_fd983aedf93ceeioa8332890bcd, etc) not be destroyed? If not, is there a way to automatically destroy them because I don't want to have to go in each day/week/month and delete these session data files manually? Are these data files considered to be cookies? They are not cookies and they should be deleted automatically by the garbage collection process. However, by default, there is only a 1% chance that the garbage collection process is triggered when a session is started. So, if this is a low traffic server, you may not have triggered garbage collection at all. They are not deleted automatically when the session is ended. You can up the probability, if you want, but I wouldn't worry too much about it. Or you can write your own session handler to handle deleting the files. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session data
On Dec 23, 2004, at 3:40 PM, John Holmes wrote: From: Philip Thompson [EMAIL PROTECTED] On Dec 23, 2004, at 2:59 PM, Matt M. wrote: this might be coming into play: http://us4.php.net/session session.gc_maxlifetime integer session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Okay, lemme see if I understand how it works. Even if it sees it as garbage, it will not destroy it until the session has ended? or will destroy when that time is reached? So can I set session.gc_maxlifetime to be a low number (e.g., 10 seconds) and it will still behave appropriately? Currently, it's set to the default - 1440. The gc_maxlifetime setting controls how old files can be before the garbage collection process deletes them, when it's actually started. This is why your file system must support atime as mentioned before. If the file has not been accessed in over 1440 seconds (by default) then if the garbage collection process is started, it'll be deleted. Like I said in my other post, though, there's only a 1% chance of the garbage collection process being started (by default). These old files you see are probably there because you don't have enough traffic to trigger garbage collection or your using a file system that doesn't support atime. ---John Holmes... Thanks to all for your assistance. I'm pretty sure I understand it at least 1% better! =P Thanks, ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session data
I have multiple pages on a website that uses sessions ($_SESSION) to store the data. However, I noticed that in the C:\Windows\Temp directory, all the session variables/data files are stored there from previous (and current) sessions. what version of php are you using? this might be coming into play: http://us4.php.net/session session.gc_maxlifetime integer session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Note: If you are using the default file-based session handler, your filesystem must keep track of access times (atime). Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other fs where atime tracking is not available. Since PHP 4.2.3 it has used mtime (modified date) instead of atime. So, you won't have problems with filesystems where atime tracking is not available. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Destroying session data
Hi all. I have multiple pages on a website that uses sessions ($_SESSION) to store the data. However, I noticed that in the C:\Windows\Temp directory, all the session variables/data files are stored there from previous (and current) sessions. My question is: when the session is logged out or ended (via closing the browser or however), should these data files (which look like sess_fd983aedf93ceeioa8332890bcd, etc) not be destroyed? If not, is there a way to automatically destroy them because I don't want to have to go in each day/week/month and delete these session data files manually? Are these data files considered to be cookies? Just to clarify, I know how to destroy session variables... I want to know how to destroy the files that contain those variables after they're no longer being used. I have RTFM and I can't seem to find the answer. Thanks in advance, ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Destroying session data
Closing the browser sends nothing to the webserver and with most webservers, the server has forgotten that you were ever there. When using sessions, you connect your browser and request a page, and that request is accompanied with a session key that is stored in a cookie on the browser machine by domain. PHP takes it on faith that IF this cookie comes with the request, it should match a session datastore, and it looks, and if it finds one, it uses that session when the session_start() function is called (now it remembers you, so to speak). As the script wraps up the session datastore is updated with any new session data, using a probability factor set in php.ini, it may do some extra processing to cleanup old expired sessions. Since the page has already been transmitted in it's entirety to the browser, and the browser should now be working to render the page, this extra process should have no noticeable impact on the user experience. This Garbage Cleanup routine will scan the entire datastore looking for session records that are older than allowed by another php.ini parameter (gc_maxlifetime), and removes them (gc stands for Garbage Cleanup). Keep in mind that this garbage collection will probably not remove the session that pertain to the browser that triggers the cleanup, but rather it will remove session records for other sessions that have not been referenced for a while. In php you can write your own session management handler routines and attach them to your php process. Check out some of the following; http://us4.php.net/manual/en/ref.session.php http://us4.php.net/manual/en/function.session-set-save-handler.php Studying these routines can teach you a lot about how sessions work. If you can get your users to log out instead of closing their browser, you have a chance to execute a script that will then kill a session and that usually removes an individual session data record. HTH, Warren Vail -Original Message- From: Philip Thompson [mailto:[EMAIL PROTECTED] Sent: Thursday, December 23, 2004 12:45 PM To: php-general@lists.php.net Subject: [PHP] Destroying session data Hi all. I have multiple pages on a website that uses sessions ($_SESSION) to store the data. However, I noticed that in the C:\Windows\Temp directory, all the session variables/data files are stored there from previous (and current) sessions. My question is: when the session is logged out or ended (via closing the browser or however), should these data files (which look like sess_fd983aedf93ceeioa8332890bcd, etc) not be destroyed? If not, is there a way to automatically destroy them because I don't want to have to go in each day/week/month and delete these session data files manually? Are these data files considered to be cookies? Just to clarify, I know how to destroy session variables... I want to know how to destroy the files that contain those variables after they're no longer being used. I have RTFM and I can't seem to find the answer. Thanks in advance, ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Destroying session data
Okay, lemme see if I understand how it works. Even if it sees it as garbage, it will not destroy it until the session has ended? or will destroy when that time is reached? So can I set session.gc_maxlifetime to be a low number (e.g., 10 seconds) and it will still behave appropriately? Currently, it's set to the default - 1440. Actually the way most garbage cleanup routines work, the session datastore will be removed regardless of whether it is in use or not. Here comes the tricky stuff, if php has sent a page to the browser and has satisfied your browsers request, and your user is reviewing the contents of the page to decide his next action, as far as apache and php are concerned, that users session is no longer in use. But, if in the process of preparing that page, it was using sessions, it would have stamped the session datastore with a new timestamp, so the garbage cleanup routine would not consider it an old datastore and remove it. If the user waits a long time (longer than gc_maxlifetime in seconds) before doing something, when someone else requests a page, their session could trigger a cleanup process and your session could be deleted. If your script is running, fetches the session datastore, and has not reached the end of it's processing where it rewrites the datastore with updated data and a new timestamp, if during that time the file is deleted, no harm done since the save session routine of your script will make sure the datastore is created and write stuff back into if from it's memory image. I guess that is what PHP would consider in use, whereas your user will consider the time he is mulling over his response as in use, even if he gets up to get a cup of coffee before responding. Warren Vail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session data
On Dec 23, 2004, at 2:59 PM, Matt M. wrote: I have multiple pages on a website that uses sessions ($_SESSION) to store the data. However, I noticed that in the C:\Windows\Temp directory, all the session variables/data files are stored there from previous (and current) sessions. what version of php are you using? I'm using 4.3.8 this might be coming into play: http://us4.php.net/session session.gc_maxlifetime integer session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Okay, lemme see if I understand how it works. Even if it sees it as garbage, it will not destroy it until the session has ended? or will destroy when that time is reached? So can I set session.gc_maxlifetime to be a low number (e.g., 10 seconds) and it will still behave appropriately? Currently, it's set to the default - 1440. ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Destroying session data
From: Philip Thompson [EMAIL PROTECTED] On Dec 23, 2004, at 2:59 PM, Matt M. wrote: this might be coming into play: http://us4.php.net/session session.gc_maxlifetime integer session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Okay, lemme see if I understand how it works. Even if it sees it as garbage, it will not destroy it until the session has ended? or will destroy when that time is reached? So can I set session.gc_maxlifetime to be a low number (e.g., 10 seconds) and it will still behave appropriately? Currently, it's set to the default - 1440. The gc_maxlifetime setting controls how old files can be before the garbage collection process deletes them, when it's actually started. This is why your file system must support atime as mentioned before. If the file has not been accessed in over 1440 seconds (by default) then if the garbage collection process is started, it'll be deleted. Like I said in my other post, though, there's only a 1% chance of the garbage collection process being started (by default). These old files you see are probably there because you don't have enough traffic to trigger garbage collection or your using a file system that doesn't support atime. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session if not being used from past 10 mins.
On Tuesday 21 October 2003 13:55, Binay wrote: How can I configure the session to get destroyed, if not being used from past 10 mins. Sessions are destroyed automatically. You set the session life-time in php.ini with session.gc_maxlifetime. If you want to force the issue, then you'll probably have to check the session files yourself (assuming you're using the default session handler), which means you'll have to check the filemtime() of each of the session files and delete those older than 10 minutes. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* Vote anarchist. */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session if not being used from past 10 mins.
From: Binay [EMAIL PROTECTED] How can I configure the session to get destroyed, if not being used from past 10 mins. If you're using the default session handler, the session files are cleaned up after not being used for 1440 seconds (by default), and the session is basically destroyed. You can adjust the session.gc_maxlifetime setting in php.ini to adjust the time. This time isn't exact, though. The cleanup process is based upon a probability that is 1% by default. That means the process has a 1% chance of being started when there is a request to your site. So the files may be older than 1440 seconds and just waiting for the garbage collection process to be initiated. If you need it to be exactly 10 minutes of inactivity, the best method is to just store the time of the last request as a session variable and do the checking yourself upon each request. If the last request was more than 10 minutes ago, then handle it accordingly. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session if not being used from past 10 mins.
Thanks alo... Is it possible to increase the probability which is by default 1% to 99 % and make sure that session are destroyed after 10 mins by setting session.gc_maxlifetime to 600. Binay - Original Message - From: CPT John W. Holmes [EMAIL PROTECTED] To: Binay [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 5:08 PM Subject: Re: [PHP] Destroying session if not being used from past 10 mins. From: Binay [EMAIL PROTECTED] How can I configure the session to get destroyed, if not being used from past 10 mins. If you're using the default session handler, the session files are cleaned up after not being used for 1440 seconds (by default), and the session is basically destroyed. You can adjust the session.gc_maxlifetime setting in php.ini to adjust the time. This time isn't exact, though. The cleanup process is based upon a probability that is 1% by default. That means the process has a 1% chance of being started when there is a request to your site. So the files may be older than 1440 seconds and just waiting for the garbage collection process to be initiated. If you need it to be exactly 10 minutes of inactivity, the best method is to just store the time of the last request as a session variable and do the checking yourself upon each request. If the last request was more than 10 minutes ago, then handle it accordingly. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session if not being used from past 10 mins.
From: Binay [EMAIL PROTECTED] Is it possible to increase the probability which is by default 1% to 99 % and make sure that session are destroyed after 10 mins by setting session.gc_maxlifetime to 600. I wouldn't recommend that, but you could. The setting to 600 is fine, but I wouldn't adjust the probability. Like I said, if you need a hard and fast 10 minute rule, then keep track of the time yourself within your session. $_SESSION['last_access'] = time(); If the session variable doesn't exist or it's been over 10 minutes (600 seconds) since the last access, then make them log in again or whatever. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Destroying session if not being used from past 10 mins.
Hi all, How can I configure the session to get destroyed, if not being used from past 10 mins. Thanks in advance binay
[PHP] Destroying Session Prob
Hi again, I've just completed my logout process, everything is going great but after I log out (logout.php has session_start() followed by session_destroy(). ) I get two weird symbols printing out. One is like a box and the a B. My code is below. ?php session_start(); ? ?php session_destroy(); print You are now logged off. BR ? Any ideas why I'm getting these 2 symbols printing out? Thx Joe :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Destroying Session
Ok having a problem. If a person just surfs to a page outside of my site or types in a different url etc.. then it leaves the session intact. How can I destroy that session? Will I need to create some type of apache/linux script to delete the directory with all the sessions in it that are a certain amount of days old? There has got to be a better way... Any help would be appreciated.. thanks! Rick P.S. Thanks to the person that helped me with the POST headers.. I still havent been able to get it to work, but I just figured out a different way of doing what I wanted :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]