Re: [PHP] Destroying session data
this might be coming into play: http://us4.php.net/session session.gc_maxlifetime integer session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Okay, lemme see if I understand how it works. Even if it sees it as garbage, it will not destroy it until the session has ended? or will destroy when that time is reached? So can I set session.gc_maxlifetime to be a low number (e.g., 10 seconds) and it will still behave appropriately? Currently, it's set to the default - 1440. ~Philip There are two parts to it: session.gc_lifetime = 10 (any session data which is older than this is considered garbage by PHP's garbage collector) session.gc_probability = 1 session.gc_divisor = 1 (these two combine to calculate the probability that PHP will check for and clean up garbage when it starts up) So if you *always* wanted to destroy every session after 10 seconds you can use the settings above. But just realize that this will prevent users from storing anything long term on the server. Not only that but you'll have overhead on every PHP script because you'll end up destroying session files on every startup. Perhaps cron / scheduled tasks is a better answer for you? Just create a script that destroys all files in the session directory and run it as often as you like. -- Teach a person to fish... Ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html PHP Manual: http://php.net/manual/ php-general archives: http://marc.theaimsgroup.com/?l=php-generalw=2 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session data
From: Philip Thompson [EMAIL PROTECTED] My question is: when the session is logged out or ended (via closing the browser or however), should these data files (which look like sess_fd983aedf93ceeioa8332890bcd, etc) not be destroyed? If not, is there a way to automatically destroy them because I don't want to have to go in each day/week/month and delete these session data files manually? Are these data files considered to be cookies? They are not cookies and they should be deleted automatically by the garbage collection process. However, by default, there is only a 1% chance that the garbage collection process is triggered when a session is started. So, if this is a low traffic server, you may not have triggered garbage collection at all. They are not deleted automatically when the session is ended. You can up the probability, if you want, but I wouldn't worry too much about it. Or you can write your own session handler to handle deleting the files. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session data
On Dec 23, 2004, at 3:40 PM, John Holmes wrote: From: Philip Thompson [EMAIL PROTECTED] On Dec 23, 2004, at 2:59 PM, Matt M. wrote: this might be coming into play: http://us4.php.net/session session.gc_maxlifetime integer session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Okay, lemme see if I understand how it works. Even if it sees it as garbage, it will not destroy it until the session has ended? or will destroy when that time is reached? So can I set session.gc_maxlifetime to be a low number (e.g., 10 seconds) and it will still behave appropriately? Currently, it's set to the default - 1440. The gc_maxlifetime setting controls how old files can be before the garbage collection process deletes them, when it's actually started. This is why your file system must support atime as mentioned before. If the file has not been accessed in over 1440 seconds (by default) then if the garbage collection process is started, it'll be deleted. Like I said in my other post, though, there's only a 1% chance of the garbage collection process being started (by default). These old files you see are probably there because you don't have enough traffic to trigger garbage collection or your using a file system that doesn't support atime. ---John Holmes... Thanks to all for your assistance. I'm pretty sure I understand it at least 1% better! =P Thanks, ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session data
I have multiple pages on a website that uses sessions ($_SESSION) to store the data. However, I noticed that in the C:\Windows\Temp directory, all the session variables/data files are stored there from previous (and current) sessions. what version of php are you using? this might be coming into play: http://us4.php.net/session session.gc_maxlifetime integer session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Note: If you are using the default file-based session handler, your filesystem must keep track of access times (atime). Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other fs where atime tracking is not available. Since PHP 4.2.3 it has used mtime (modified date) instead of atime. So, you won't have problems with filesystems where atime tracking is not available. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Destroying session data
Hi all. I have multiple pages on a website that uses sessions ($_SESSION) to store the data. However, I noticed that in the C:\Windows\Temp directory, all the session variables/data files are stored there from previous (and current) sessions. My question is: when the session is logged out or ended (via closing the browser or however), should these data files (which look like sess_fd983aedf93ceeioa8332890bcd, etc) not be destroyed? If not, is there a way to automatically destroy them because I don't want to have to go in each day/week/month and delete these session data files manually? Are these data files considered to be cookies? Just to clarify, I know how to destroy session variables... I want to know how to destroy the files that contain those variables after they're no longer being used. I have RTFM and I can't seem to find the answer. Thanks in advance, ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Destroying session data
Closing the browser sends nothing to the webserver and with most webservers, the server has forgotten that you were ever there. When using sessions, you connect your browser and request a page, and that request is accompanied with a session key that is stored in a cookie on the browser machine by domain. PHP takes it on faith that IF this cookie comes with the request, it should match a session datastore, and it looks, and if it finds one, it uses that session when the session_start() function is called (now it remembers you, so to speak). As the script wraps up the session datastore is updated with any new session data, using a probability factor set in php.ini, it may do some extra processing to cleanup old expired sessions. Since the page has already been transmitted in it's entirety to the browser, and the browser should now be working to render the page, this extra process should have no noticeable impact on the user experience. This Garbage Cleanup routine will scan the entire datastore looking for session records that are older than allowed by another php.ini parameter (gc_maxlifetime), and removes them (gc stands for Garbage Cleanup). Keep in mind that this garbage collection will probably not remove the session that pertain to the browser that triggers the cleanup, but rather it will remove session records for other sessions that have not been referenced for a while. In php you can write your own session management handler routines and attach them to your php process. Check out some of the following; http://us4.php.net/manual/en/ref.session.php http://us4.php.net/manual/en/function.session-set-save-handler.php Studying these routines can teach you a lot about how sessions work. If you can get your users to log out instead of closing their browser, you have a chance to execute a script that will then kill a session and that usually removes an individual session data record. HTH, Warren Vail -Original Message- From: Philip Thompson [mailto:[EMAIL PROTECTED] Sent: Thursday, December 23, 2004 12:45 PM To: php-general@lists.php.net Subject: [PHP] Destroying session data Hi all. I have multiple pages on a website that uses sessions ($_SESSION) to store the data. However, I noticed that in the C:\Windows\Temp directory, all the session variables/data files are stored there from previous (and current) sessions. My question is: when the session is logged out or ended (via closing the browser or however), should these data files (which look like sess_fd983aedf93ceeioa8332890bcd, etc) not be destroyed? If not, is there a way to automatically destroy them because I don't want to have to go in each day/week/month and delete these session data files manually? Are these data files considered to be cookies? Just to clarify, I know how to destroy session variables... I want to know how to destroy the files that contain those variables after they're no longer being used. I have RTFM and I can't seem to find the answer. Thanks in advance, ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Destroying session data
Okay, lemme see if I understand how it works. Even if it sees it as garbage, it will not destroy it until the session has ended? or will destroy when that time is reached? So can I set session.gc_maxlifetime to be a low number (e.g., 10 seconds) and it will still behave appropriately? Currently, it's set to the default - 1440. Actually the way most garbage cleanup routines work, the session datastore will be removed regardless of whether it is in use or not. Here comes the tricky stuff, if php has sent a page to the browser and has satisfied your browsers request, and your user is reviewing the contents of the page to decide his next action, as far as apache and php are concerned, that users session is no longer in use. But, if in the process of preparing that page, it was using sessions, it would have stamped the session datastore with a new timestamp, so the garbage cleanup routine would not consider it an old datastore and remove it. If the user waits a long time (longer than gc_maxlifetime in seconds) before doing something, when someone else requests a page, their session could trigger a cleanup process and your session could be deleted. If your script is running, fetches the session datastore, and has not reached the end of it's processing where it rewrites the datastore with updated data and a new timestamp, if during that time the file is deleted, no harm done since the save session routine of your script will make sure the datastore is created and write stuff back into if from it's memory image. I guess that is what PHP would consider in use, whereas your user will consider the time he is mulling over his response as in use, even if he gets up to get a cup of coffee before responding. Warren Vail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Destroying session data
On Dec 23, 2004, at 2:59 PM, Matt M. wrote: I have multiple pages on a website that uses sessions ($_SESSION) to store the data. However, I noticed that in the C:\Windows\Temp directory, all the session variables/data files are stored there from previous (and current) sessions. what version of php are you using? I'm using 4.3.8 this might be coming into play: http://us4.php.net/session session.gc_maxlifetime integer session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Okay, lemme see if I understand how it works. Even if it sees it as garbage, it will not destroy it until the session has ended? or will destroy when that time is reached? So can I set session.gc_maxlifetime to be a low number (e.g., 10 seconds) and it will still behave appropriately? Currently, it's set to the default - 1440. ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Destroying session data
From: Philip Thompson [EMAIL PROTECTED] On Dec 23, 2004, at 2:59 PM, Matt M. wrote: this might be coming into play: http://us4.php.net/session session.gc_maxlifetime integer session.gc_maxlifetime specifies the number of seconds after which data will be seen as 'garbage' and cleaned up. Okay, lemme see if I understand how it works. Even if it sees it as garbage, it will not destroy it until the session has ended? or will destroy when that time is reached? So can I set session.gc_maxlifetime to be a low number (e.g., 10 seconds) and it will still behave appropriately? Currently, it's set to the default - 1440. The gc_maxlifetime setting controls how old files can be before the garbage collection process deletes them, when it's actually started. This is why your file system must support atime as mentioned before. If the file has not been accessed in over 1440 seconds (by default) then if the garbage collection process is started, it'll be deleted. Like I said in my other post, though, there's only a 1% chance of the garbage collection process being started (by default). These old files you see are probably there because you don't have enough traffic to trigger garbage collection or your using a file system that doesn't support atime. ---John Holmes... UCCASS - PHP Survey System http://www.bigredspark.com/survey.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
