Destroying Sessions
 |
If you have been looking at the contents of the session files in your session.save_path directory, you may have noticed that some files have been building up in there, depending on how many session examples you have opened. The reason these files are still there and not deleted when the user ends the session by closing the browser is because we have not made an effort to destroy the session. You have to explicitly destroy sessions for the session files to be deleted. The reason for this is that you have no real way of knowing how long users may be in sessions. It is perfectly feasible for users to start sessions, then go home for the evening (or even a long weekend!) and come back the next day with the browser still sitting open on the desktop. If users have been doing some shopping, you surely wouldn't want to delete their sessions after a set finite amount of time, precisely for the reasons above.
There are two ways to combat the buildup of files in your temporary directory that will not, in most cases, adversely affect your users' sessions.
The first is to make use of the session_destroy() function:
session_destroy();
session_destroy() takes no arguments. session_destroy() unregisters all session variables associated with the user session and removes any session files created by the session. Remember that even if a variable is unregistered with a session, the variable still exists with its value intact on the current page.
This next script demonstrates the use of the session_destroy() function.
Script 2-4 session2.php
1. <? 2. session_start(); 3. if(isset($destroy)) { 4. session_destroy(); 5. unset($name); 6. } else { 7. if(!session_is_registered("name")) { 8. session_register("name"); 9. $name = "Spike"; 10. } 11. } 12. ?> 13. <p>SESSID: <?=$PHPSESSID?> 14. <p>Name: <?=$name?> 15. <form action=session2.php method=post> 16. <input type="submit" name="reload" value="Reload Session"><br> 17. <input type="submit" name="destroy" value="Destroy Session"> 18. </form>
| LINE | DESCRIPTION |
|---|---|
| 2 | Start the session or continue an existing session. |
| 3 5 | Check to see if the $destroy variable is set. If it is, then the user has pressed the "Destroy" button. |
| 6 10 | If $destroy has not been set, then register a session variable named $name and assign that variable the value "Spike". |
| 13 14 | Print out the current session ID and the value of the $name variable. |
| 15 18 | Display a form to the user that allows him or her to reload the current page or destroy the session variable associated with the current session. If the user reloads the page (by clicking "Reload" or using the browser's reload button), then the session variables are reset and the value for session ID is displayed. If the user clicks the "Destroy" button, then the session file associated with the page is deleted, which in turn deletes the value of the session variable. |
Note the files in your temporary directory while clicking the "Reload Session" and "Destroy Session" buttons. Each time you click "Destroy Session," notice that the session file with the corresponding session ID is deleted from your session.save_path directory. Each click of "Reload Session" causes the file to be recreated in that directory.
The other way to manage the orphaned session files is to make use of PHP's automatic "garbage" cleanup of these session files. Open your php.ini file in a text editor and scroll down to the [session] settings. Look for the following two settings:
; Percentile probability that the 'garbage collection' process is started ; on every session initialization. session.gc_probability = 1 ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. session.gc_maxlifetime = 1440
The first setting, session.gc_probability, sets the percentage probability that the files identified as garbage are deleted. The default of "1" means that there is a one-percent probability that all of the items identified as garbage are deleted for every session started.
The second setting, session.gc_maxlifetime, sets the lifetime, in seconds, that a session file can exist before being labeled as garbage. The default of "1440" means that every session file that is older than 24 minutes is considered junk.
| |
| Top |
EAN: 2147483647
Pages: 92