0

I have made PHP application that absolutely relay on session files that is meant to stay for long periods of time (example, tree weeks, one month...).

Because my PHP app will run on shared hosting environment, I made custom session_save_path - directory into the root of my app that contains required session files.

I was wondering: is there any Linux system-based cron mechanism, or anything other which I do not know about, that will delete my session files if they are untouched for some long period of time, as it would incorrectly assume that session file is unnecessary garbage?

It would totally mess up my my application.

I'm concerned mostly because I found some answer here (http://stackoverflow.com/questions/8693934/how-does-php-know-when-to-delete-a-session) which I didn't get well.

Miloš Đakonović
  • 3,751
  • 5
  • 35
  • 55
  • 1
    Sessions are supposed to last, well, for a session, and three weeks sound much longer than a session. You'll probably prefer to use some sort of database to store longer-lasting data. – zneak May 10 '12 at 06:21
  • Thanks. I know that database are better-suited for this purpose but I had reasons for making application DB-independent. – Miloš Đakonović May 10 '12 at 06:29
  • yes old session files get removed by php even if you have a custom path. typically however you would use a cookie for long term storage instead of a session file. – dqhendricks May 10 '12 at 06:32
  • @Miloshio, if you can't use a full-fledged database server, you can still use SQLite or even good ol' text files. The main point is that you really should not use sessions for persistence. They were expressly designed to not persist. – zneak May 10 '12 at 13:40

1 Answers1

0

I think your session files might be removed by php session garbage routine.

Check these configurations options and find more info about php sessions' gc.

http://php.net/manual/en/session.configuration.php

You need to pay attention on the gc-_* directives.

deadrunk
  • 13,861
  • 4
  • 29
  • 29
  • Thansks deadrunk. You think that php session garbage routine may remove these files even if they are in custom session directory path? – Miloš Đakonović May 10 '12 at 06:26
  • I mean that if you are sure that your session files were removed, the gc is most probably responsible for that. Also you could set custom session storage, MySQL for instance, where you can easily track number of sessions (`SELECT COUNT(*) FROM sessions`) and compare these values from time to time. If you want to use filesystem, you can get number of files using following command: `ls -l | wc -l` – deadrunk May 10 '12 at 06:33
  • Thanks. I have not run into any problems yet, 24 hours is passed, session files are untouched... – Miloš Đakonović May 10 '12 at 06:40
  • Ok, I didn't have function touch() on my mind. I think if I perform this function on my session files, before calling functions that may run garbage collection mechanism(session_start I think), this could solve problem... – Miloš Đakonović May 10 '12 at 07:29
  • If you are using debian linux there is a cron located at /etc/cron.d/php5. This cron checks every 30 minutes if session files within /var/lib/php5/ (and subfolders) have mtime older than the last 24 minutes. If so these files will be deleted. – TRD May 10 '12 at 07:40
  • Oh. It's a black magic :) I'd try to avoid such solutions. Also this will not work on windows with fat32. Try to set `session.gc_maxlifetime` to 2592000 (1 month) and `session.gc_divisor` to 10000, for instance. From php manual: `The probability is calculated by using gc_probability/gc_divisor, e.g. 1/100 means there is a 1% chance that the GC process starts on each request` – deadrunk May 10 '12 at 07:44